On 2017-02-15 19:46, Andy Shevchenko wrote: > On Wed, Feb 15, 2017 at 8:14 PM, Jan Kiszka <jan.kiszka@xxxxxxxxxxx> wrote: >> See patch 2 for the background. >> >> Series has been tested on the Galileo Gen2, to exclude regressions, with >> a firmware.cap without security header and the SIMATIC IOT2040 which >> requires the header because of its mandatory secure boot. > > Briefly looking to the code it looks like a real hack. > Sorry, but it would be carefully (re-)designed. The interface that the firmware provides us? That should have been done differently, I agree, but I'm not too much into those firmware details, specifically when it comes to signatures. The Linux code was designed around that suboptimal situation. If there are better ideas, I'm all ears. Jan -- Siemens AG, Corporate Technology, CT RDA ITP SES-DE Corporate Competence Center Embedded Linux -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html