> > It is true if all firmwares are signed on safe boot. If firmware is allowed
> > to be loaded from network or other non-fs place in secure distribution,
> > your patch will break this loading.

Actually it's not. It should be true that firmware that can harm machine
integrity and is loaded by the OS is signed at some level.

However it is not true that
- firmware that is no integrity threat (eg USB firmware)
- firmware that can be flash updated on another PC and not observed by
  the target

are necessarily in any way signed or secure.

> Do we already have such a secure mechanism? How is the security
> assured?

Another thing to consider is that a lot of hardware (particularly anything
aimed at such 'secure boot' machines) is already digitally signed.

Whether you need to enforce external signing is a mix of driver specific
questions ("does this device have signed firmware anyway", "can bogus
firmware do anything interesting") and local policy "do I as admin want to
block any firmware that isn't corporate site approved".

For USB this is quite important because there is a ton of hardware out
there which is intended to have firmware dumped into it for hacking and fun
purposes and should generally be totally outside of the signing stuff.

Alan