[Ksummit-discuss] [TECH TOPIC] Firmware signing
David Woodhouse
dwmw2 at infradead.org
Tue Jul 28 15:12:06 UTC 2015
On Tue, 2015-07-28 at 14:36 +0100, David Howells wrote:
> (3) If the vendors of firmware blobs supply signatures, should we accept
> those instead of or as well as linux-firmware signatures?
Yes, definitely. And in fact that ties in to separate discussions we've
been having about how to automatically *obtain* certain firmware
images, which are signed by Microsoft's AuthentiCode scheme.
People were talking about how to validate those signatures in userspace
when we obtain the firmware. But really, they should be carried all the
way through and validated in the kernel too.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/attachments/20150728/7f9fad7b/attachment.bin>
More information about the Ksummit-discuss
mailing list