| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2015 12:22:20 -0400 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: "Woodhouse, David" <david.woodhouse@...el.com> Cc: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "seth.forshee@...onical.com" <seth.forshee@...onical.com>, "mricon@...nel.org" <mricon@...nel.org>, "dhowells@...hat.com" <dhowells@...hat.com>, "rusty@...tcorp.com.au" <rusty@...tcorp.com.au>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "jlee@...e.de" <jlee@...e.de>, "kyle@...nel.org" <kyle@...nel.org>, "gnomes@...rguk.ukuu.org.uk" <gnomes@...rguk.ukuu.org.uk>, "james.l.morris@...cle.com" <james.l.morris@...cle.com>, "mcgrof@...e.com" <mcgrof@...e.com>, "serge@...lyn.com" <serge@...lyn.com>, "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org> Subject: Re: [RFD] linux-firmware key arrangement for firmware signing On Thu, 2015-05-21 at 16:03 +0000, Woodhouse, David wrote: > On Thu, 2015-05-21 at 08:45 -0700, Greg Kroah-Hartman wrote: > > On Thu, May 21, 2015 at 09:05:21AM -0400, Mimi Zohar wrote: > > > Signatures don't provide any guarantees as to code quality or > > > correctness. They do provide file integrity and provenance. In > > > addition to the license and a Signed-off-by line, having the > > > firmware provider include a signature of the firmware would be > > > nice. > > > > That would be "nice", but that's not going to be happening here, from > > what I can tell. The firmware provider should be putting the signature > > inside the firmware image itself, and verifying it on the device, in > > order to properly "know" that it should be running that firmware. The > > kernel shouldn't be involved here at all, as Alan pointed out. > > In a lot of cases we have loadable firmware precisely to allow us to > reduce the cost of the hardware. Adding cryptographic capability in the > 'load firmware' state of the device isn't really compatible with that > :) > > In the case where kernel and modules are signed, it *is* useful for a > kernel device driver also to be able to validate that what it's about > to load into a device is authentic. Where 'authentic' will originally > just mean that it's come from the linux-firmware.git repository or the > same entity that built (and signed) the kernel, but actually I *do* > expect vendors who are actively maintaining the firmware images in > linux-firmware.git to start providing detached signatures of their own. That's great! What format do you expect the detached signatures to be? Where will they reside? Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists