[Ksummit-discuss] [TECH TOPIC] Signature management - keys, modules, firmware, was: Last minute nominations: mcgrof and toshi
Stephen Hemminger
stephen at networkplumber.org
Wed Jul 27 18:17:06 UTC 2016
On Wed, 27 Jul 2016 14:04:06 +0000
Jason Cooper <jason at lakedaemon.net> wrote:
> Hi David,
>
> On Tue, Jul 26, 2016 at 03:42:18PM +0100, David Woodhouse wrote:
> > On Sat, 2016-07-16 at 01:52 +0100, Mark Brown wrote:
> > > On Fri, Jul 15, 2016 at 03:57:51PM -0400, Mimi Zohar wrote:
> > >
> > > > Oops, "Signature management - keys, modules, firmware" was a
> > > > suggestion from last year, but in my opinion still very apropos.
> > >
> > > Yup, definitely - especially with secure boot starting to firm up on
> > > the ARM side there's a bunch more interest in it from more embedded
> > > applications.
> >
> > Are we going to propose this again "formally" (i.e. sufficiently
> > clearly that the committee take note and consider it)?
>
> $subject modified.
>
> > If so, I would also be keen to participate.
>
> Myself as well. I've often wondered about devicetree signing. Since it
> needs to be modified by the bootloader in a lot of cases (RAM size,
> cmdline, etc), but a malicious modification would be to remove the TPM
> node. :-)
I am interested in this as well because of issues in creating secure guests.
More information about the Ksummit-discuss
mailing list