On Thu, May 21, 2015 at 08:41:02AM +0300, Petko Manolov wrote:
> > I too don't understand this need to sign something that you don't really know
> > what it is from some other company, just to send it to a separate device that
> > is going to do whatever it wants with it if it is signed or not.
>
> This is not the point. What you need to know is _where_ the firmware came from,
> not _what_ it does once it reaches your system. If you don't care about such
> things, just ignore the signature. :)

Ok, but how do we know "where"? Who is going to start signing and attesting to the validity of all of the firmware images in the linux-firmware tree suddenly?

Why is it the kernel's job to attest this "where"? Shouldn't your distro/manufacturer be doing that as part of their "put this file on this disk" responsibilities (i.e. the package manager?)

What is verifying a firmware image signature in the kernel attesting that isn't already known in userspace?

thanks,

greg k-h