On Tue, Nov 6, 2012 at 3:03 PM, Takashi Iwai <tiwai@xxxxxxx> wrote: > > Yeah, it's just uncovered in the patch. As a easy solution, apply the > patch like below to disallow the udev fw loading when signature check > is enforced. > > > thanks, > > Takashi > > --- > diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c > index 575bc4c..93121c3 100644 > --- a/drivers/base/firmware_class.c > +++ b/drivers/base/firmware_class.c > @@ -912,6 +912,13 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, > goto handle_fw; > } > > + /* signature check isn't handled via udev fw loading */ > + if (sig_enforce) { > + fw_load_abort(fw_priv); > + direct_load = 1; > + goto handle_fw; > + } > + The above might be wrong if the firmware file doesn't exist in default search paths. You should skip loading from user space only if verify_signature() returns false. And the udev loading should be resorted to if there is no such firmware file in default search paths. > /* fall back on userspace loading */ > buf->fmt = PAGE_BUF; > Thanks, -- Ming Lei -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html