Hi Martin, Please let us know if any further information is needed for acceptance of this patch. Thanks, Sreekanth On Wed, Aug 26, 2020 at 9:53 PM Sreekanth Reddy <sreekanth.reddy@xxxxxxxxxxxx> wrote: > > On Tue, Aug 25, 2020 at 7:45 AM Martin K. Petersen > <martin.petersen@xxxxxxxxxx> wrote: > > > > > > Sreekanth, > > > > > As explained in description the purpose of disabling support for these > > > devices in the driver is to avoid interacting with any firmware which > > > is not secured/signed by Broadcom. > > > > I understand, but that should be a user decision. > > > > What are these devices you want to disable support for? Why is their > > firmware not signed? > > The scenario that we are discussing here is a scenario where the > device is showing evidence that someone has attempted to physically > tamper with the device and has attempted to put it into a state where > security could be compromised. > > Broadcom adapters participate in a Secure Boot process, where every > piece of FW is digitally signed by Broadcom and is checked for a valid > signature. If any piece of our adapter FW fails this signature check, > it is possible the FW has been tampered with and the adapter should > not be used. Our driver should not make any additional access to the > “invalid/tampered” adapter because the FW is not valid (could be > malicious FW). This type of detection is added into latest Aero and > Sea family adapters h/w. > > Thanks, > Sreekanth > > > > > > -- > > Martin K. Petersen Oracle Linux Engineering
