Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware

From: Mimi Zohar
Date: Tue May 15 2018 - 13:38:08 EST

Next message: kbuild test robot: "Re: [PATCH 2/2] support kdump when AMD secure memory encryption is active"
Previous message: Linus Walleij: "Re: [PATCH 5/6] hwspinlock/u8500: Switch to SPDX license identifier"
In reply to: Josh Boyer: "Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2018-05-15 at 08:32 -0400, Josh Boyer wrote:

> One aspect that was always a concern to some is whether the firmware files
> were modified directly to have the signature attached to them. That may
> run afoul of the "no modification" license that most blobs are shipped
> under. Does IMA have the signatures for the files stored in xattrs or in
> some other detached manner?

They're stored as xattrs. ÂRPM has support for including file
signatures in the RPM header.

Mimi

Next message: kbuild test robot: "Re: [PATCH 2/2] support kdump when AMD secure memory encryption is active"
Previous message: Linus Walleij: "Re: [PATCH 5/6] hwspinlock/u8500: Switch to SPDX license identifier"
In reply to: Josh Boyer: "Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]