[Ksummit-discuss] [TECH TOPIC] Firmware signing

James Morris jmorris at namei.org
Wed Jul 29 02:00:19 UTC 2015


On Tue, 28 Jul 2015, Andy Lutomirski wrote:

> This does not mean that their key should be acceptable for kexec
> images, modules, GPU firmware, firmware for different vendors' USB
> sticks, firmware for my hard disk, etc.  In fact I flat out distrust
> them if they ever try to provide such blobs.

Limiting key use is generally a good idea, even if we trust the vendor, 
keys get stolen.  We want to limit the damage that can be done with those 
keys.


-- 
James Morris
<jmorris at namei.org>



More information about the Ksummit-discuss mailing list