Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

From: Luis R. Rodriguez
Date: Tue Apr 03 2018 - 13:06:40 EST

Next message: Jerome Glisse: "Re: [PATCH 4/8] dma-buf: add peer2peer flag"
Previous message: Andreas FÃrber: "Re: [PATCH v6 3/9] pinctrl: actions: Add Actions S900 pinctrl driver"
In reply to: Luis R. Rodriguez: "Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 3, 2018 at 9:56 AM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> The biggest thing which has changed since then is that we decided to *not*
> support or streamline generic firmware signing (non-IMA) for now for a few
> reasons [0] [1] which are important to re-iterate as these are easy to forget,
> and AFAICT not documented anywhere.

And the URLs...

[0] https://lkml.kernel.org/r/20171204195155.GU729@xxxxxxxxxxxxx
[1] https://lkml.kernel.org/r/20171207153209.5da771a9@alans-desktop

Luis

Next message: Jerome Glisse: "Re: [PATCH 4/8] dma-buf: add peer2peer flag"
Previous message: Andreas FÃrber: "Re: [PATCH v6 3/9] pinctrl: actions: Add Actions S900 pinctrl driver"
In reply to: Luis R. Rodriguez: "Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]