On Tue, Nov 6, 2012 at 1:36 PM, Li Joey <jlee@xxxxxxxxxx> wrote: > The udev direct write firmware through data attribute, maybe we can do the > same signature verification in firmware_data_write? The following patch > didn't test yet. > @@ -655,6 +656,23 @@ static ssize_t firmware_data_write(struct file *filp, > struct kobject *kobj, > } > > buf->size = max_t(size_t, offset, buf->size); > + > +#ifdef CONFIG_FIRMWARE_SIG > + for (i = 0; i < ARRAY_SIZE(fw_path); i++) { > + snprintf(path, PATH_MAX, "%s/%s.sig", fw_path[i], > buf->fw_id); > + if (verify_signature(buf, path)) > + success = true; > + } When direct loading failed, it means that the firmware isn't under the default search path, so the above verification might return false always. Thanks, -- Ming Lei -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html