| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20121031173728.GA18615@srcf.ucam.org> Date: Wed, 31 Oct 2012 17:37:28 +0000 From: Matthew Garrett <mjg59@...f.ucam.org> To: Takashi Iwai <tiwai@...e.de> Cc: Jiri Kosina <jkosina@...e.cz>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [RFC] Second attempt at kernel secure boot support On Wed, Oct 31, 2012 at 06:28:16PM +0100, Takashi Iwai wrote: > request_firmware() is used for microcode loading, too, so it's fairly > a core part to cover, I'm afraid. > > I played a bit about this yesterday. The patch below is a proof of > concept to (ab)use the module signing mechanism for firmware loading > too. Sign firmware files via scripts/sign-file, and put to > /lib/firmware/signed directory. That does still leave me a little uneasy as far as the microcode licenses go. I don't know that we can distribute signed copies of some of them, and we obviously can't sign at the user end. -- Matthew Garrett | mjg59@...f.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists