Re: [PATCH 00/12] One more attempt at useful kernel lockdown

From: joeyli
Date: Wed Sep 11 2013 - 05:32:23 EST

Next message: David Vrabel: "Re: [Xen-devel] [PATCH v1 0/5] xen/PMU: PMU support for Xen PV guests"
Previous message: Dan Carpenter: "Re: [PATCH] staging: dgnc: fix potential format string flaw"
In reply to: Kees Cook: "Re: [PATCH 00/12] One more attempt at useful kernel lockdown"
Next in thread: Mimi Zohar: "Re: [PATCH 00/12] One more attempt at useful kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

æ äï2013-09-10 æ 18:26 +0000ïMatthew Garrett æåï
> On Tue, 2013-09-10 at 14:23 -0300, Henrique de Moraes Holschuh wrote:
> > On Tue, 10 Sep 2013, Matthew Garrett wrote:
> > > That's why modern systems require signed firmware updates.
> >
> > Linux doesn't. Is someone working on adding signature support to the
> > runtime firmware loader?
>
> It'd be simple to do so, but so far the model appears to be that devices
> that expect signed firmware enforce that themselves.
>
> --
> Matthew Garrett <matthew.garrett@xxxxxxxxxx>
> NrybXÇv^)Þ{.n+{y^nrzh&Gh(éÝj"mzÞfh~m

Takashi has a implementation of firmware check:

[PATCH RFC v2 0/4] Add firmware signature file check
https://lkml.org/lkml/2012/11/8/343

Thanks
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Vrabel: "Re: [Xen-devel] [PATCH v1 0/5] xen/PMU: PMU support for Xen PV guests"
Previous message: Dan Carpenter: "Re: [PATCH] staging: dgnc: fix potential format string flaw"
In reply to: Kees Cook: "Re: [PATCH 00/12] One more attempt at useful kernel lockdown"
Next in thread: Mimi Zohar: "Re: [PATCH 00/12] One more attempt at useful kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]