[Ksummit-discuss] Last minute nominations: mcgrof and toshi

Andy Lutomirski luto at amacapital.net
Mon Aug 1 23:12:15 UTC 2016


On Aug 1, 2016 3:56 PM, "Jason Cooper" <jason at lakedaemon.net> wrote:
>
> Hey Andy, Luis, Mimi,
>
> On Mon, Aug 01, 2016 at 02:14:52PM -0700, Andy Lutomirski wrote:
> > Or he could use my old suggestion instead: rather than signing the
> > firmware blob itself, sign a little data structure like this:
> >
> > struct linux_blob_signed_data {
> >   unsigned char magic[8];  // "LINUXSIG" -- for domain separation in case someone messes up
> >   uint32_t version;  // = 1
> >   unsigned char sha256[32];  // SHA256 hash of the blob
> >   uint32_t type;  // what type of thing this is (firmware, etc)
> >   unsigned char description[];  // the remainder of the structure is "iwlwifi-whatever.ucode", etc.
> > };
>
> I would include the length of the blob in here as well.

That's not a bad idea even though length extension doesn't matter here.  If
nothing else, it'll help mitigate silly DoS attacks in which a bad guy
supplies an insanely large blob.  On the other hand, any attacker is
probably root and can easily DoS us no matter what.  It could make the
implementation simpler too, I suppose.

If anyone replaced SHA256 with a boneheaded "hash" like Amazon Glacier's,
then checking the length is necessary.
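The structure discussed above, with Jason's blob-length field added, as an added example that is not code from the thread or from the kernel: it packs the signed data, verifies it, and runs the cheap magic/version/type/length checks before the blob is hashed. Field order, little-endian layout, the type numbering, the 16 MiB cap and the HMAC stand-in for the real asymmetric signature are all assumptions made here.

```python
import hashlib
import hmac
import struct

MAGIC = b"LINUXSIG"  # domain separation: these signed bytes cannot be mistaken
                     # for a signature over a raw blob or some other format
VERSION = 1
TYPE_FIRMWARE = 1    # assumed numbering; the thread does not define type values
# magic, version, type, blob_len (Jason's addition), sha256; order/endianness assumed
HEADER = struct.Struct("<8sIII32s")


def build_signed_data(blob: bytes, blob_type: int, description: bytes) -> bytes:
    """Serialize the structure that gets signed instead of the blob itself."""
    digest = hashlib.sha256(blob).digest()
    return HEADER.pack(MAGIC, VERSION, blob_type, len(blob), digest) + description


def sign(signed_data: bytes, key: bytes) -> bytes:
    """Stand-in for the real signature: HMAC-SHA256 with a constructed key."""
    return hmac.new(key, signed_data, hashlib.sha256).digest()


def verify_blob(signed_data: bytes, sig: bytes, key: bytes, blob: bytes,
                expected_type: int, max_len: int = 16 * 1024 * 1024) -> str:
    """Return "ok" or the reason for rejection.

    The signature covers only the small structure, so it is checked first;
    the declared length is then compared against the blob before any work
    proportional to the blob's size (the SHA256) is done.
    """
    if not hmac.compare_digest(sign(signed_data, key), sig):
        return "bad signature"
    if len(signed_data) < HEADER.size:
        return "truncated header"
    magic, version, blob_type, blob_len, digest = HEADER.unpack_from(signed_data)
    if magic != MAGIC or version != VERSION:
        return "wrong magic/version"
    if blob_type != expected_type:
        return "type mismatch"  # a signed kernel module is not a firmware blob
    if blob_len > max_len or blob_len != len(blob):
        return "length mismatch"  # oversized blob rejected without hashing it
    if not hmac.compare_digest(hashlib.sha256(blob).digest(), digest):
        return "hash mismatch"
    return "ok"
```

The description bytes after the fixed header are covered by the signature but deliberately not interpreted by the verifier, matching the variable-length tail in the original struct.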