On Tue, 10 Sep 2013, Kees Cook wrote:
Subject: Re: [PATCH 00/12] One more attempt at useful kernel lockdown
On Tue, Sep 10, 2013 at 11:51 AM, gregkh@xxxxxxxxxxxxxxxxxxx
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
On Tue, Sep 10, 2013 at 11:29:45AM -0700, H. Peter Anvin wrote:
On 09/10/2013 11:26 AM, Matthew Garrett wrote:
On Tue, 2013-09-10 at 14:23 -0300, Henrique de Moraes Holschuh wrote:
On Tue, 10 Sep 2013, Matthew Garrett wrote:
That's why modern systems require signed firmware updates.
Linux doesn't. Is someone working on adding signature support to the
runtime firmware loader?
It'd be simple to do so, but so far the model appears to be that devices
that expect signed firmware enforce that themselves.
Most devices do absolutely no verification on the firmware, and simply
trust the driver.
So signing firmware is probably critical.
How are you going to "validate" that the firmware is correct, given
that it's just a "blob" living in the linux-firmware tree. If you sign
it, what is that saying?
In theory these blobs are traceable to a manufacturer. It's not really
an indication that it's "safe" more than it's an indication that it
hasn't been changed. But I haven't chased this very hard yet because
of below...
well, not if you are trying to defend against root breaking in to the machine.
David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html