From: David Howells
To: Alan Cox
Cc: dhowells@redhat.com, "Luis R. Rodriguez", "AKASHI, Takahiro", Mimi Zohar, Greg Kroah-Hartman, Linus Torvalds, Jan Blunck, Julia Lawall, Marcus Meissner, Gary Lin, linux-security-module@vger.kernel.org, linux-efi, linux-kernel@vger.kernel.org, Matthew Garrett
Subject: Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown
Date: Mon, 13 Nov 2017 21:44:47 +0000
Message-ID: <454.1510609487@warthog.procyon.org.uk>
In-Reply-To: <20171113210848.4dc344bd@alans-desktop>
X-Mailing-List: linux-kernel@vger.kernel.org

Alan Cox wrote:

> So you don't actually need to sign a lot of PC class firmware because
> it's already signed.

Whilst that may be true, we either have to check signatures on every bit of
firmware that the appropriate driver doesn't say is meant to be signed or not
bother.

David