On Jul 27, 2016 11:16 AM, "Stephen Hemminger" <stephen@networkplumber.org>
wrote:
>
> On Wed, 27 Jul 2016 14:04:06 +0000
> Jason Cooper <jason@lakedaemon.net> wrote:
>
> > Hi David,
> >
> > On Tue, Jul 26, 2016 at 03:42:18PM +0100, David Woodhouse wrote:
> > > On Sat, 2016-07-16 at 01:52 +0100, Mark Brown wrote:
> > > > On Fri, Jul 15, 2016 at 03:57:51PM -0400, Mimi Zohar wrote:
> > > >
> > > > > Oops, "Signature management - keys, modules, firmware" was a
> > > > > suggestion from last year, but in my opinion still very apropos.
> > > >
> > > > Yup, definitely - especially with secure boot starting to firm up on
> > > > the ARM side there's a bunch more interest in it from more embedded
> > > > applications.
> > >
> > > Are we going to propose this again "formally" (i.e. sufficiently
> > > clearly that the committee take note and consider it)?
> >
> > $subject modified.
> >
> > > If so, I would also be keen to participate.
> >
> > Myself as well.  I've often wondered about devicetree signing.  Since it
> > needs to be modified by the bootloader in a lot of cases (RAM size,
> > cmdline, etc), but a malicious modification would be to remove the TPM
> > node. :-)
>
> I am interested in this as well because of issues in creating secure
guests.
>

I'm interested in this, too.