On Tue, 2013-09-10 at 16:48 -0700, H. Peter Anvin wrote: > On 09/10/2013 04:43 PM, Mimi Zohar wrote: > > > > Why invent yet another method of verifying the integrity of a file based > > on a signature? Why not use the existing method for appraising files? > > Just create a new integrity hook at the appropriate place. > > > > What would the deliverables be from the hardware vendor and what tools > would you expect them to need on their end? The package installer needs to not only install files, but file metadata as well. Elena Reshetova (Intel) has already added rpm hooks to write security xattrs. The next step, yet to be done, is to include and write the signatures as part of the rpm install process. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html