Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: Pavel Machek
Date: Tue Dec 05 2017 - 05:28:08 EST

Next message: Boris Brezillon: "Re: [PATCH] mtd: nand: squash struct nand_buffers into struct nand_chip"
Previous message: Ching Huang: "[PATCH 16/17] scsi: arcmsr: Add driver module parameter msix_enable"
In reply to: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Luis R. Rodriguez: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > Our ability to determine that userland hasn't been tampered with
> > depends on the kernel being trustworthy. If userland can upload
> > arbitrary firmware to DMA-capable devices then we can no longer trust
> > the kernel. So yes, firmware is special.
>
> You're ignoring the whole "firmware is already signed by the hardware
> manufacturer and we don't even have access to it" part.

Well... I guess we'd prefer the firmware _not_ be signed, so we can
fix security holes in that after the vendor lost interest... Bugs in
the wifi stacks seemed patcheable that way.

There is GPLed firmware available for some USB wifi's. We really
should make sure firmware signing is not mandatory/encouraged for the hw vendors.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

Next message: Boris Brezillon: "Re: [PATCH] mtd: nand: squash struct nand_buffers into struct nand_chip"
Previous message: Ching Huang: "[PATCH 16/17] scsi: arcmsr: Add driver module parameter msix_enable"
In reply to: Alan Cox: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Next in thread: Luis R. Rodriguez: "Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]