On Wed, May 20, 2015 at 09:04:26AM -0500, Seth Forshee wrote:
> I raised the question of key revocation when we discussed this on irc,
> but it wasn't answered to my satisfaction. If a key signed by the
> kernel-embedded key is compromised, how can that key be revoked so that
> it is no longer trusted?
>
> Someone mentioned UEFI blacklists, which I don't know much about, but
> not all systems have UEFI. The only reliable option that comes to mind
> for me is an in-kernel blacklist of keys which should no longer be
> trusted.
>

I think the solution here is two-fold... first, we'll probably try some
to use a HSM for signing, so there's extremely low risk of compromise.
Secondly, if we annotate the key such that it can only be used for
firmware, a compromise of my key won't allow you to kexec or load kernel
modules.

regards, --Kyle