This change concerns me slightly since it marks all embedded images as trusted, 
which is a potential relaxation of security.  I can't immediately think of a 
situation in which a user would want to explicitly imgverify an embedded image, 
but that doesn't mean that such a situation does not exist.

I would prefer a change with lower impact, such as setting only the selected 
(i.e. first) image as trusted.  The most obvious place to do this is after the 
existing call to image_select() has succeeded.

Please use the image_trust() wrapper function to set the flag, since this will 
guarantee future compatibility with anything else that image_trust() may be 
updated to do (e.g. generating logging messages).

Lastly, please reword the commit shortlog as e.g. "[image] Implicitly trust 
first embedded image" (i.e. using the active voice), to match the existing 
style.

Thanks,

Michael

-- 
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/100#issuecomment-567219086