[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <s5hfw4nj4vf.wl%tiwai@suse.de>
Date: Mon, 05 Nov 2012 19:12:36 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Matthew Garrett <mjg59@...f.ucam.org>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, joeyli <jlee@...e.com>,
Jiri Kosina <jkosina@...e.cz>,
David Howells <dhowells@...hat.com>,
Rusty Russell <rusty@...tcorp.com.au>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [PATCH RFC 0/4] Add firmware signature file check
At Mon, 05 Nov 2012 18:18:24 +0100,
Takashi Iwai wrote:
>
> Hi,
>
> this is a patch series to add the support for firmware signature
> check. At this time, the kernel checks extra signature file (*.sig)
> for each firmware, instead of embedded signature.
> It's just a quick hack using the existing module signing mechanism,
> thus provided only as a proof of concept for now.
>
> To be noted, it doesn't support the firmwares via udev but only the
> direct loading, and the check for built-in firmware is missing, too.
On the second thought, checking the signature for builtin firmwares is
superfluous. And udev usage for firmware loading should be pretty
rare with 3.7 kernel. So, locking down the udev loading case when
sig_enforce = true should suffice in most cases, I guess.
Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists