Date:	Mon, 05 Nov 2012 19:12:36 +0100
From:	Takashi Iwai <tiwai@...e.de>
To:	Matthew Garrett <mjg59@...f.ucam.org>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, joeyli <jlee@...e.com>,
	Jiri Kosina <jkosina@...e.cz>,
	David Howells <dhowells@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [PATCH RFC 0/4] Add firmware signature file check

At Mon, 05 Nov 2012 18:18:24 +0100,
Takashi Iwai wrote:
> 
> Hi,
> 
> this is a patch series to add support for firmware signature
> checks.  At this time, the kernel checks an extra signature file (*.sig)
> for each firmware, instead of an embedded signature.
> It's just a quick hack using the existing module signing mechanism,
> thus provided only as a proof of concept for now.
> 
> To be noted, it doesn't support the firmwares via udev but only the
> direct loading, and the check for built-in firmware is missing, too.

On second thought, checking the signature for builtin firmwares is
superfluous.  And udev usage for firmware loading should be pretty
rare with the 3.7 kernel.  So, locking down the udev loading case when
sig_enforce = true should suffice in most cases, I guess.


Takashi