Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown
David Howells
dhowells at redhat.com
Mon Nov 13 21:44:47 UTC 2017
Alan Cox <gnomes at lxorguk.ukuu.org.uk> wrote:
> So you don't actually need to sign a lot of PC class firmware because
> it's already signed.
Whilst that may be true, we either have to check signatures on every bit of
firmware that the appropriate driver doesn't say is meant to be signed or not
bother.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list