Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: Pavel Machek
Date: Tue Dec 05 2017 - 05:28:08 EST


Hi!

> > Our ability to determine that userland hasn't been tampered with
> > depends on the kernel being trustworthy. If userland can upload
> > arbitrary firmware to DMA-capable devices then we can no longer trust
> > the kernel. So yes, firmware is special.
>
> You're ignoring the whole "firmware is already signed by the hardware
> manufacturer and we don't even have access to it" part.

Well... I guess we'd prefer the firmware _not_ be signed, so we can
fix security holes in that after the vendor lost interest... Bugs in
the wifi stacks seemed patcheable that way.

There is GPLed firmware available for some USB wifi's. We really
should make sure firmware signing is not mandatory/encouraged for the hw vendors.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature