On Wed, Feb 26, 2014 at 2:48 PM, Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
> On Wed, 2014-02-26 at 22:41 +0000, One Thousand Gnomes wrote:
>> Another issue that needs addressing is firmware. Quite a few of our
>> request_firmware cases load device firmware which is not signed into DMA
>> capable hardware. Probably also worth checking what the
>> architectural guarantees on bogus microcode updates are. Maybe we need
>> firmware signing for such cases to match the mod signing?
>
> Vendors keep telling me that they're validating firmware for new
> hardware, and I keep tending not to believe them. Meh. The big problem
> with firmware signatures is that we don't necessarily have the right to
> distribute modified versions of the firmware, so we'd need detached
> signature support. I'm certainly not against this.

I have been working on a patch series for this. It will have LSM hooks
for validating firmware origin (via fd) and contents (via blob), similar
to the changes I made for validating module origins. It just needs to
finish testing, and I'll post the series. If you want to check it out in
its current state, it's here:

http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=fw-restrict

-Kees

--
Kees Cook
Chrome OS Security