On Tue, May 19, 2015 at 11:02:44AM +0100, David Howells wrote: > Luis R. Rodriguez <mcgrof@xxxxxxxxxxxxxxxx> wrote: > > > +The kernel firmware signing facility enables to cryptographically sign > > +firmware files on a system using the same keys used for module signing. > > +Firmware files's signatures consist of PKCS#7 messages of the respective > > +firmware file. A firmware file named foo.bin, would have its respective > > +signature on the filesystem as foo.bin.p7s. When firmware signature > > +checking is enabled (FIRMWARE_SIG) and when one of the above APIs is used > > +against foo.bin, the file foo.bin.p7s will also be looked for. If > > +FIRMWARE_SIG_FORCE is enabled the foo.bin file will only be allowed to > > +be returned to callers of the above APIs if and only if the foo.bin.p7s > > +file is confirmed to be a valid signature of the foo.bin file. If > > +FIRMWARE_SIG_FORCE is not enabled and only FIRMWARE_SIG is enabled the > > +kernel will be permissive and enabled unsigned firmware files, or firmware > > +files with incorrect signatures. If FIRMWARE_SIG is not enabled the > > +signature file is ignored completely. > > I'd rework this paragraph somewhat. How about: > <-- snip --> Looks sexy, taken word for word, thanks! Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
