On Tue, 2015-07-28 at 14:36 +0100, David Howells wrote:

>  (3) If the vendors of firmware blobs supply signatures, should we accept
>      those instead of or as well as linux-firmware signatures?

Yes, definitely. And in fact that ties in to separate discussions we've
been having about how to automatically *obtain* certain firmware
images, which are signed by Microsoft's AuthentiCode scheme.

People were talking about how to validate those signatures in userspace
when we obtain the firmware. But really, they should be carried all the
way through and validated in the kernel too.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@intel.com                              Intel Corporation