Mimi,
On Wed, Nov 08, 2017 at 09:17:37PM -0500, Mimi Zohar wrote:
> > > IMHO that should just fail then, ie, a "locked down" kernel should not
> > > want to
> > > *pass* a firmware signature if such thing could not be done.
> > >
> > > Its no different than trying to verify a signed module on a
> > IMHO that should just fail then, ie, a "locked down" kernel should not want
> > to
> > *pass* a firmware signature if such thing could not be done.
> >
> > Its no different than trying to verify a signed module on a "locked down"
> > for
> > which it has no signature.
> >
> > But perhaps
On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote:
> On Wed, Nov 08, 2017 at 03:15:54PM +0900, AKASHI, Takahiro wrote:
> > Luis,
> >
> > Thank you for this heads-up.
> >
> > On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:
> > > On Thu, Nov 02, 2017 at
On Wed, Nov 08, 2017 at 03:01:09PM -0500, Mimi Zohar wrote:
>
> > > Or reflect that IMA-appraisal, if enabled, will enforce firmware being
> > > validly signed.
> >
> > But FWICT lockdown is a built-in kernel thingy, unless lockdown implies IMA
> > it would not be the place to refer to it.
> >
> > Or reflect that IMA-appraisal, if enabled, will enforce firmware being
> > validly signed.
>
> But FWICT lockdown is a built-in kernel thingy, unless lockdown implies IMA
> it would not be the place to refer to it.
>
> It seems the documentation was proposed to help users if an error was
On Wed, Nov 08, 2017 at 03:15:54PM +0900, AKASHI, Takahiro wrote:
> Luis,
>
> Thank you for this heads-up.
>
> On Wed, Nov 08, 2017 at 12:07:00AM +0100, Luis R. Rodriguez wrote:
> > On Thu, Nov 02, 2017 at 06:10:41PM -0400, Mimi Zohar wrote:
> > > On Thu, 2017-11-02 at 22:04 +, David Howells
On Thu, 2 Nov 2017, Shanker Donthineni wrote:
The ARM architecture defines the memory locations that are permitted
to be accessed as the result of a speculative instruction fetch from
an exception level for which all stages of translation are disabled.
Specifically, the core is permitted to