[PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware

[PATCH 0/6] firmware: kernel signature verification · Mimi Zohar <hidden> · 2018-05-01
[PATCH 1/6] firmware: permit LSMs and IMA to fail firmware sysfs fallback loading · Mimi Zohar <hidden> · 2018-05-01
Re: [PATCH 1/6] firmware: permit LSMs and IMA to fail firmware sysfs fallback loading · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-04
Re: [PATCH 1/6] firmware: permit LSMs and IMA to fail firmware sysfs fallback loading · Mimi Zohar <hidden> · 2018-05-04
[PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-01
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-04
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-04
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-08
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-09
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-10
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-10
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-11
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-11
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-14
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-14
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-15
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-15
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Josh Boyer <jwboyer@kernel.org> · 2018-05-15
Re: [PATCH 3/6] firmware: differentiate between signed regulatory.db and other firmware · Mimi Zohar <hidden> · 2018-05-15
[PATCH 5/6] ima: verify kernel firmware signatures when using a preallocated buffer · Mimi Zohar <hidden> · 2018-05-01
[RFC PATCH 6/6] ima: prevent loading firmware into a pre-allocated buffer · Mimi Zohar <hidden> · 2018-05-01
Re: [RFC PATCH 6/6] ima: prevent loading firmware into a pre-allocated buffer · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-04
[PATCH 4/6] ima: coordinate with signed regulatory.db · Mimi Zohar <hidden> · 2018-05-01
[PATCH 2/6] ima: prevent sysfs fallback firmware loading · Mimi Zohar <hidden> · 2018-05-01
Re: [PATCH 2/6] ima: prevent sysfs fallback firmware loading · "Luis R. Rodriguez" <mcgrof@kernel.org> · 2018-05-04

From: Mimi Zohar <hidden>
Date: 2018-05-15 12:43:39
Also in: linux-integrity, linux-wireless, lkml

On Tue, 2018-05-15 at 08:32 -0400, Josh Boyer wrote:

One aspect that was always a concern to some is whether the firmware files
were modified directly to have the signature attached to them.  That may
run afoul of the "no modification" license that most blobs are shipped
under.  Does IMA have the signatures for the files stored in xattrs or in
some other detached manner?

They're stored as xattrs. ?RPM has support for including file
signatures in the RPM header.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help