[Ksummit-discuss] [TECH TOPIC] Signature management - keys, modules, firmware, was: Last minute nominations: mcgrof and toshi

Andy Lutomirski luto at amacapital.net
Tue Aug 2 14:53:16 UTC 2016


On Aug 2, 2016 7:00 AM, "Jason Cooper" <jason at lakedaemon.net> wrote:

>
> The problem here is that we (users) need to be able to verify that
> iwlwifi-whatever.ucode claimed to be created by Intel, was indeed the
> *same* one Intel shipped out the door.  That's it.  It's up to the user
> to decide to "trust" Intel's microcode or not.  All the kernel should be
> doing is confirming cryptographically that it came from Intel.

Except that this particular use case doesn't require any kernel support at
all.  If the goal is that root doesn't want to load a bad firmware, then
root can check whatever signature it wants in userspace.

The point of in-kernel verification is to enforce policies that are
intended to work even if root is compromised.  This includes CRDA-like
policy and MS's Secure Boot policy.  If, while doing this, we get to check
vendor keys too, that's just an added benefit in my book.
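The userspace check described above (root verifying a vendor signature over a firmware blob before it ever reaches the kernel) can be done with nothing but openssl. The script below is an added example, not part of the original thread and not any kernel or distro code: it assumes openssl is installed, constructs a hypothetical vendor RSA keypair and a made-up firmware blob in a temporary directory, signs the blob, and then shows that the pristine blob verifies while a tampered copy is rejected. In a real deployment only the vendor's public key would ship with the system.

```shell
#!/bin/sh
# Added example (not from the original thread): a userspace pre-load check
# of a firmware blob against a vendor's detached signature, using only
# openssl. Key material, blob and signature are constructed in a temp dir
# for the demo; a real deployment would ship only the vendor *public* key.

set -eu

# verify_firmware PUBKEY FIRMWARE SIGNATURE
# Returns 0 only if SIGNATURE is a valid RSA-SHA256 signature over FIRMWARE
# under PUBKEY. Nothing is copied into /lib/firmware unless this succeeds.
verify_firmware() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# demo: builds a hypothetical vendor keypair, signs a constructed blob, then
# checks that the pristine blob verifies and a tampered copy does not.
# Returns 0 if both checks behave as expected, 1 otherwise.
demo() {
    tmp=$(mktemp -d)

    # vendor side (hypothetical): keypair and signature over the firmware
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$tmp/vendor.key" 2>/dev/null
    openssl pkey -in "$tmp/vendor.key" -pubout -out "$tmp/vendor.pub" 2>/dev/null
    printf 'CONSTRUCTED FIRMWARE IMAGE v1\n' > "$tmp/fw.ucode"   # constructed blob
    openssl dgst -sha256 -sign "$tmp/vendor.key" \
        -out "$tmp/fw.ucode.sig" "$tmp/fw.ucode"

    # user side: check before the blob gets anywhere near request_firmware()
    ok=1
    if verify_firmware "$tmp/vendor.pub" "$tmp/fw.ucode" "$tmp/fw.ucode.sig"; then
        echo "pristine blob: signature OK"
    else
        echo "pristine blob: signature FAILED (unexpected)"
        ok=0
    fi

    # one appended byte turns it into a tampered image; the signature no
    # longer covers the file contents, so verification must fail
    printf 'X' >> "$tmp/fw.ucode"
    if verify_firmware "$tmp/vendor.pub" "$tmp/fw.ucode" "$tmp/fw.ucode.sig"; then
        echo "tampered blob: signature OK (unexpected)"
        ok=0
    else
        echo "tampered blob: signature rejected"
    fi

    rm -rf "$tmp"
    [ "$ok" -eq 1 ]
}

demo
```

This is exactly the kind of check that protects an honest root from a bad download; it does nothing against a root that is already compromised, which is the case the kernel-side verification in the message is meant to cover.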