Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

From: Alan Cox
Date: Fri Dec 08 2017 - 12:14:18 EST

Next message: Alexandre Belloni: "Re: [PATCH v2 08/13] power: reset: Add a driver for the Microsemi Ocelot reset"
Previous message: Ravi Bangoria: "Re: [PATCH v2 0/5] perf-probe: Improve probing on versioned symbols"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> One is to get more and more folks reverse engineer firmware. This won't help
> if you can't deploy unsigned firmware though. But you have to also look at it

Oh I think it will. From the experience with things like games consoles
most firmware is such a complete pile of s**t that you'll be able to
exploit it to load your own firmware through the bugs, and at the very
least after the 200th CVE against their firmware the vendor's direct
customers may be a bit fed up and demand proper process and visibility 8)

It's always going to be in tension though - because there is firmware you
really don't want people replacing maliciously, such as battery control,
or thermal protection.

Alan

Next message: Alexandre Belloni: "Re: [PATCH v2 08/13] power: reset: Add a driver for the Microsemi Ocelot reset"
Previous message: Ravi Bangoria: "Re: [PATCH v2 0/5] perf-probe: Improve probing on versioned symbols"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]