On Tue, 2015-07-28 at 09:10 -0700, James Bottomley wrote:
>
> > Sure, but we shouldn't stick the USB vendor's key into the system
> > keyring. I'm fine with having it in the kernel or in some database,
> > though.
>
> Actually, I don't think we should have a general system keyring for
> firmware. We need driver specific ones, so the USB vendor key is *only*
> trusted for that particular driver. Putting vendor keys into our
> general keyring would be a recipe for inviting abuse.

We need both.

Where a firmware is signed by the vendor, the request_firmware() call
itself can provide the hash of the acceptable signing cert. (And we'll
want to handle the firmware we get with MS AuthentiCode signatures on
them in a separate .cat file, as discussed.)

In the case where firmware *doesn't* have a valid signature that comes
all the way from the vendor, a signature that just says "this is what
was in the linux-firmware.git tree" is better than nothing, and *that*
cert can be in the system trusted keyring.

--
dwmw2
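
A small userspace model of the two trust scopes discussed in this message, added here as an illustration; it is not code from the thread or from the kernel. The names `classify_signer` and `Trust`, the constructed certificate byte strings, and the use of SHA-256 for the pinned hash are all assumptions, and the signature is assumed to have already verified cryptographically against the signer certificate.

```python
import hashlib
from enum import Enum
from typing import FrozenSet, Optional


class Trust(Enum):
    VENDOR = "signed by the cert this driver pinned"
    TREE = "attested as linux-firmware.git content"
    REJECT = "no acceptable signer"


def fingerprint(cert_der: bytes) -> str:
    """Hash of the signer certificate, the value a driver would pin
    (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for DER-encoded certificates (not real certs).
USB_VENDOR_CERT = b"constructed: USB vendor firmware signing cert"
FW_TREE_CERT = b"constructed: linux-firmware.git tree signing cert"

# The system trusted keyring holds only the tree cert, never vendor certs.
SYSTEM_KEYRING: FrozenSet[str] = frozenset({fingerprint(FW_TREE_CERT)})


def classify_signer(signer_cert: Optional[bytes],
                    driver_pin: Optional[str],
                    system_keyring: FrozenSet[str] = SYSTEM_KEYRING) -> Trust:
    """Decide which trust scope, if any, covers an already-verified signer.

    signer_cert: cert the signature chained to (None means unsigned blob).
    driver_pin:  fingerprint supplied by the requesting driver, or None.
    """
    if signer_cert is None:
        return Trust.REJECT
    fp = fingerprint(signer_cert)
    # Driver-specific scope: a vendor cert counts only for the driver
    # that pinned it, so it is never consulted for any other caller.
    if driver_pin is not None and fp == driver_pin:
        return Trust.VENDOR
    # Weaker, system-wide scope: "this is what was in the tree".
    if fp in system_keyring:
        return Trust.TREE
    return Trust.REJECT
```

Returning the scope rather than a boolean lets the caller distinguish a vendor-rooted signature from the weaker tree attestation.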