Date: Tue, 6 Nov 2012 11:15:26 +0000
From: Alan Cox
To: Takashi Iwai
Cc: Ming Lei, Matthew Garrett, joeyli, Jiri Kosina, David Howells, Rusty Russell, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org
Subject: Re: [PATCH RFC 0/4] Add firmware signature file check
Message-ID: <20121106111526.2ab6f314@pyramind.ukuu.org.uk>
References: <1348152065-31353-1-git-send-email-mjg@redhat.com> <20121029174131.GC7580@srcf.ucam.org> <20121031173728.GA18615@srcf.ucam.org> <1351743715.21227.95.camel@linux-s257.site> <20121101131849.752df6fd@pyramind.ukuu.org.uk>
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.8; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Mailing-List: linux-kernel@vger.kernel.org

> > It is true if all firmwares are signed on safe boot. If firmware is allowed
> > to be loaded from network or other non-fs place in secure distribution,
> > your patch will break this loading.

Actually it's not. It should be true that firmware that can harm machine
integrity and is loaded by the OS is signed at some level. However it is
not true that

 - firmware that is no integrity threat (e.g. USB firmware)
 - firmware that can be flash updated on another PC and not observed by
   the target

are necessarily in any way signed or secure.

> Do we already have such a secure mechanism? How is the security
> assured?
Another thing to consider is that a lot of hardware (particularly anything
aimed at such 'secure boot' machines) is already digitally signed. Whether
you need to enforce external signing is a mix of driver-specific questions
("does this device have signed firmware anyway", "can bogus firmware do
anything interesting") and local policy ("do I as admin want to block any
firmware that isn't corporate site approved").

For USB this is quite important because there is a ton of hardware out
there which is intended to have firmware dumped into it for hacking and
fun purposes and should generally be totally outside of the signing stuff.

Alan
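The decision Alan describes above, as an added Go example that is not part of this thread and not the RFC patch's code: a loader-side gate that checks a detached signature file only when the combination of device class (integrity threat or not) and local admin policy (secure boot, corporate-only) calls for one. Ed25519 stands in for whatever signature scheme the patch series uses, the `DeviceClass`/`Policy` types and the `NewSigningKey` helper are assumptions made here, and the firmware blobs are constructed sample data rather than real images.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// DeviceClass is the distinction the mail draws between firmware that can
// harm host integrity and firmware that cannot (e.g. a USB gadget).
type DeviceClass int

const (
	ClassIntegrityThreat   DeviceClass = iota // runs where it can compromise the host
	ClassNoIntegrityThreat                    // e.g. USB device firmware; hacking/fun hardware
)

// Policy is the local admin choice layered on top of the per-driver question.
type Policy struct {
	SecureBoot    bool // kernel booted under secure boot
	CorporateOnly bool // block any firmware not signed with the site key
}

// Firmware is a blob plus the contents of its detached signature file
// (nil when the firmware ships unsigned, e.g. pulled from the network).
type Firmware struct {
	Name string
	Blob []byte
	Sig  []byte
}

var (
	ErrUnsigned     = errors.New("firmware lacks a required signature")
	ErrBadSignature = errors.New("firmware signature does not verify")
)

// NewSigningKey returns a site key pair. Hypothetical helper for the
// example: a real deployment keeps only the public key on the host.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignFirmware produces the detached signature shipped beside the blob.
func SignFirmware(priv ed25519.PrivateKey, blob []byte) []byte {
	return ed25519.Sign(priv, blob)
}

// RequiresSignature encodes the decision: an admin's corporate-only policy
// wins; otherwise a signature is demanded only under secure boot and only
// for firmware that is an integrity threat, so USB hobby hardware stays
// outside the signing scheme.
func RequiresSignature(class DeviceClass, p Policy) bool {
	if p.CorporateOnly {
		return true
	}
	return p.SecureBoot && class == ClassIntegrityThreat
}

// CheckFirmware is the loader-side gate: verify the detached signature
// when policy requires one, otherwise allow the load as-is.
func CheckFirmware(fw Firmware, class DeviceClass, p Policy, pub ed25519.PublicKey) error {
	if !RequiresSignature(class, p) {
		return nil
	}
	if fw.Sig == nil {
		return ErrUnsigned
	}
	if !ed25519.Verify(pub, fw.Blob, fw.Sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample blobs; real firmware would be read from /lib/firmware.
	nic := Firmware{Name: "nic.bin", Blob: []byte("constructed NIC firmware")}
	nic.Sig = SignFirmware(priv, nic.Blob)
	usb := Firmware{Name: "gadget.bin", Blob: []byte("constructed USB gadget firmware")}

	sb := Policy{SecureBoot: true}
	corp := Policy{SecureBoot: true, CorporateOnly: true}
	fmt.Println("signed nic under secure boot:", CheckFirmware(nic, ClassIntegrityThreat, sb, pub))
	fmt.Println("unsigned usb under secure boot:", CheckFirmware(usb, ClassNoIntegrityThreat, sb, pub))
	fmt.Println("unsigned usb, corporate-only:", CheckFirmware(usb, ClassNoIntegrityThreat, corp, pub))
}
```

The two inputs to `RequiresSignature` map onto the two questions in the mail: the driver answers "is bogus firmware an integrity threat for this device", and the admin answers "do I want to block anything not site-approved"; only when the answer is yes does the detached signature file become mandatory, and a missing file is reported separately from a file that fails to verify so the two cases can be logged and handled differently.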