At Wed, 31 Oct 2012 17:37:28 +0000, Matthew Garrett wrote: > > On Wed, Oct 31, 2012 at 06:28:16PM +0100, Takashi Iwai wrote: > > > request_firmware() is used for microcode loading, too, so it's fairly > > a core part to cover, I'm afraid. > > > > I played a bit about this yesterday. The patch below is a proof of > > concept to (ab)use the module signing mechanism for firmware loading > > too. Sign firmware files via scripts/sign-file, and put to > > /lib/firmware/signed directory. > > That does still leave me a little uneasy as far as the microcode > licenses go. I don't know that we can distribute signed copies of some > of them, and we obviously can't sign at the user end. Yeah, that's a concern. Although this is a sort of "container" and keeping the original data as is, it might be regarded as a modification. Another approach would be to a signature in a separate file, but I'm not sure whether it makes sense. Takashi -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html