Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: David Howells
Date: Mon Nov 13 2017 - 16:44:59 EST

Next message: Alex Williamson: "[GIT PULL] IOMMU updates for v4.15"
Previous message: Andi Kleen: "Re: CONFIG_DEBUG_INFO_SPLIT impacts on faddr2line"
In reply to: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Linus Torvalds: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <gnomes@xxxxxxxxxxxxxxxxxxx> wrote:

> So you don't actually need to sign a lot of PC class firmware because
> it's already signed.

Whilst that may be true, we either have to check signatures on every bit of
firmware that the appropriate driver doesn't say is meant to be signed or not
bother.

David

Next message: Alex Williamson: "[GIT PULL] IOMMU updates for v4.15"
Previous message: Andi Kleen: "Re: CONFIG_DEBUG_INFO_SPLIT impacts on faddr2line"
In reply to: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Linus Torvalds: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]