[Ksummit-discuss] [TECH TOPIC] Firmware signing
James Morris
jmorris at namei.org
Wed Jul 29 02:00:19 UTC 2015
On Tue, 28 Jul 2015, Andy Lutomirski wrote:
> This does not mean that their key should be acceptable for kexec
> images, modules, GPU firmware, firmware for different vendors' USB
> sticks, firmware for my hard disk, etc. In fact I flat out distrust
> them if they ever try to provide such blobs.
Limiting key use is generally a good idea, even if we trust the vendor,
keys get stolen. We want to limit the damage that can be done with those
keys.
--
James Morris
<jmorris at namei.org>
More information about the Ksummit-discuss
mailing list