On Tue, 2013-09-10 at 12:44 -0700, H. Peter Anvin wrote:
> On 09/10/2013 12:17 PM, David Lang wrote:
> >>
> >> In theory these blobs are traceable to a manufacturer. It's not really
> >> an indication that it's "safe" more than it's an indication that it
> >> hasn't been changed. But I haven't chased this very hard yet because
> >> of below...
> >
> > well, not if you are trying to defend against root breaking in to the
> > machine.
> >
>
> And we have at least some drivers where we even have the firmware in the
> Linux kernel tree, and thus aren't opaque blobs at all.
>
> I suspect we'll need, at some point, a way for vendors that aren't
> already doing signatures on their firmware in a device-specific way to
> do so in a kernel-supported way. The easiest (in terms of getting
> vendors to play along, not necessarily technically) might be a PGP
> signature (either inline or standalone) and have the public key as part
> of the driver?

Why invent yet another method of verifying the integrity of a file based
on a signature? Why not use the existing method for appraising files?
Just create a new integrity hook at the appropriate place.

Mimi