On Tue, 2013-03-19 at 16:35 +0000, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 08:14:45AM +0000, James Bottomley wrote:
>
> > Any security assumptions that rely on inability to read certain
> > information aren't really going to be that secure. Inability to modify,
> > sure, but inability to read, not really.
>
> Well, I guess that's public/private key cryptography screwed.

Well, OK, it's ex-BIOS writers we're dealing with, so I won't say no-one
would be stupid enough to come up with a security scheme embedding
Private Keys in BS+NV variables, but I would have thought the fact that
Linux would blow the lid off it might be a good incentive not to do it
and thus a plus point for this patch.

James