Re: Linux Firmware Signing

From: Luis R. Rodriguez
Date: Tue Sep 01 2015 - 20:00:48 EST


On Mon, Aug 31, 2015 at 12:45:36PM -0400, Mimi Zohar wrote:
> On Mon, 2015-08-31 at 17:05 +0100, David Woodhouse wrote:
> > On Mon, 2015-08-31 at 10:18 -0400, Mimi Zohar wrote:
> > > I'm not real happy about it, but since we can't break the existing ABI
> > > of loading data into the kernel via a buffer, a stop gap method of
> > > signing and verifying a buffer would be needed.
> >
> > Actually I think we can. The usermode helper is already being phased
> > out.
>
> Right. The discussion has moved beyond just firmware, but to policies
> and other things the kernel consumes.

And I'm saying that if the pitch here is we should be vetting *all* buffers
passed to the kernel I'd agree a generic interface is desirable but more
importantly I think we should get everyone on board first and it's not clear
to me that has yet happened.

For the other interfaces we're discussing that *did* have an obvious file
descriptor (struct fd), or file (struct file) use it would seem obvious
to try to streamline that and share the code there (modules, firmware, kexec,
initramfs, SELinux policy files), our only issues there were what to do about
files that some distros require to be generated by machines and are machine
specific (SELinux policy file in some cases, initramfs in some others) and
for that Paul had suggested to consider the Machine Owner Key (MOK) -- but now
for buffers.... it's news to me we had everyone up in arms in agreement on that
crusade. I didn't even know such a crusade existed. I can see why, but was just
not aware there was an effort to streamline a solution.

Luis