Re: [RFD] linux-firmware key arrangement for firmware signing

From: David Howells
Date: Tue May 26 2015 - 19:07:27 EST

Next message: tip-bot for Alexandre Belloni: "[tip:timers/core] clockevents: Do not suspend/resume if unused"
Previous message: Andi Kleen: "Re: [PATCH v4 0/3] Compile-time stack frame pointer validation"
In reply to: Mimi Zohar: "Re: [RFD] linux-firmware key arrangement for firmware signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:

> Ie you need to sign something more than the firmware, such as (firmware,
> modinfo), so it's signed for "firmware X on PCI:8086,1114 or "firmware Y
> on ACPI:0A1D"

I'm suggesting that we use the name string passed to request_firmware().

> IMHO we want the supplier of a given firmware providing signatures on
> the firmware git tree if this is done. A generic linux-firmware owned key
> would be both a horrendously inviting attack target, and a single point of
> failure.
>
> Git can already do all the needed commit signing bits unless I'm missing
> something here ?

How does this help the kernel check that it's been given the right firmware
blob for its request? Unless you compile into the kernel a list of hashes
compiled from the linux-firmware git head (or representative root hash) - in
which case we're back to Andy's hash list/hash tree approach with the problems
that that entails.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: tip-bot for Alexandre Belloni: "[tip:timers/core] clockevents: Do not suspend/resume if unused"
Previous message: Andi Kleen: "Re: [PATCH v4 0/3] Compile-time stack frame pointer validation"
In reply to: Mimi Zohar: "Re: [RFD] linux-firmware key arrangement for firmware signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]