Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: Linus Torvalds
Date: Mon Nov 13 2017 - 17:09:17 EST

Next message: Mathieu Desnoyers: "[RFC] Restartable sequences tree tag v4.14-rseq-20171113"
Previous message: Rafael J. Wysocki: "[GIT PULL] Device properties framework updates for v4.15-rc1"
In reply to: David Howells: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 13, 2017 at 1:44 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Whilst that may be true, we either have to check signatures on every bit of
> firmware that the appropriate driver doesn't say is meant to be signed or not
> bother.

I vote for "not bother".

Seriously, if you have firmware in /lib/firmware, and you don't trust
it, what the hell are you doing?

Oh, it's one of those "let's protect people from themselves, so that
they can't possibly break Disney^W^W be terrorists - but but the
children" things again, isn't it?

Watch me care.

Linus

Next message: Mathieu Desnoyers: "[RFC] Restartable sequences tree tag v4.14-rseq-20171113"
Previous message: Rafael J. Wysocki: "[GIT PULL] Device properties framework updates for v4.15-rc1"
In reply to: David Howells: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]