Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown
Alan Cox
gnomes at lxorguk.ukuu.org.uk
Fri Dec 8 17:11:53 UTC 2017
> One is to get more and more folks reverse engineer firmware. This won't help
> if you can't deploy unsigned firmware though. But you have to also look at it
Oh I think it will. From the experience with things like games consoles
most firmware is such a complete pile of s**t that you'll be able to
exploit it to load your own firmware through the bugs, and at the very
least after the 200th CVE against their firmware the vendor's direct
customers may be a bit fed up and demand proper process and visibility 8)
It's always going to be in tension though - because there is firmware you
really don't want people replacing maliciously, such as battery control,
or thermal protection.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list