Re: [RFD] linux-firmware key arrangement for firmware signing
From: David Howells
Date: Tue May 26 2015 - 19:07:27 EST
One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
> Ie you need to sign something more than the firmware, such as (firmware,
> modinfo), so it's signed for "firmware X on PCI:8086,1114 or "firmware Y
> on ACPI:0A1D"
I'm suggesting that we use the name string passed to request_firmware().
> IMHO we want the supplier of a given firmware providing signatures on
> the firmware git tree if this is done. A generic linux-firmware owned key
> would be both a horrendously inviting attack target, and a single point of
> failure.
>
> Git can already do all the needed commit signing bits unless I'm missing
> something here ?
How does this help the kernel check that it's been given the right firmware
blob for its request? Unless you compile into the kernel a list of hashes
compiled from the linux-firmware git head (or representative root hash) - in
which case we're back to Andy's hash list/hash tree approach with the problems
that that entails.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/