Re: [PATCH RFC 0/4] Add firmware signature file check

From: Ming Lei
Date: Tue Nov 06 2012 - 06:03:48 EST

Next message: Jiri Kosina: "[GIT] floppy"
Previous message: Gustavo Padovan: "Re: [PATCH] ath3k: Add support for VAIO VPCEH [0489:e027]"
In reply to: Takashi Iwai: "Re: [PATCH RFC 0/4] Add firmware signature file check"
Next in thread: Alan Cox: "Re: [PATCH RFC 0/4] Add firmware signature file check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 6, 2012 at 6:53 PM, Takashi Iwai <tiwai@xxxxxxx> wrote:
> At Tue, 6 Nov 2012 18:40:57 +0800,
>> It is true if all firmwares are signed on safe boot. If firmware is allowed
>> to be loaded from network or other non-fs place in secure distribution,
>> your patch will break this loading.
>
> Do we already have such a secure mechanism? How is the security
> assured?

I don't know, and my comments are just on your patch and the condition.
I understand secure guys should know if the condition may be true or false, :-)

>> The clue can be found from debug message.
>
> Debug messages are turned off on normal machines, unfortunately.

Kernel guys will put one eye on bug report, also enabling udev log
can help the problem too.

Thanks,
--
Ming Lei
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "[GIT] floppy"
Previous message: Gustavo Padovan: "Re: [PATCH] ath3k: Add support for VAIO VPCEH [0489:e027]"
In reply to: Takashi Iwai: "Re: [PATCH RFC 0/4] Add firmware signature file check"
Next in thread: Alan Cox: "Re: [PATCH RFC 0/4] Add firmware signature file check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]