| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Nov 2012 19:03:58 +0800 From: Ming Lei <tom.leiming@...il.com> To: Takashi Iwai <tiwai@...e.de> Cc: Matthew Garrett <mjg59@...f.ucam.org>, Alan Cox <alan@...rguk.ukuu.org.uk>, joeyli <jlee@...e.com>, Jiri Kosina <jkosina@...e.cz>, David Howells <dhowells@...hat.com>, Rusty Russell <rusty@...tcorp.com.au>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [PATCH RFC 0/4] Add firmware signature file check On Tue, Nov 6, 2012 at 6:53 PM, Takashi Iwai <tiwai@...e.de> wrote: > At Tue, 6 Nov 2012 18:40:57 +0800, >> It is true if all firmwares are signed on safe boot. If firmware is allowed >> to be loaded from network or other non-fs place in secure distribution, >> your patch will break this loading. > > Do we already have such a secure mechanism? How is the security > assured? I don't know, and my comments are just on your patch and the condition. I understand secure guys should know if the condition may be true or false, :-) >> The clue can be found from debug message. > > Debug messages are turned off on normal machines, unfortunately. Kernel guys will put one eye on bug report, also enabling udev log can help the problem too. Thanks, -- Ming Lei -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists