On Mon, Jan 04, 2016 at 12:31:58PM -0800, Kees Cook wrote: > On Wed, Dec 23, 2015 at 1:34 PM, Luis R. Rodriguez > <mcg...@do-not-panic.com> wrote: > > In order to try to help phase out user mode helpers this makes no use of > > the old user mode helper code *at all*, and if we wish to can easily > > phase this code out with time then. > > So these are basically wrappers around the existing firmware loading routines?
No, Greg has noted we cannot get rid of the usermode helper [0]. In fact at kernel summit he mentioned there are a series of upcoming valid users who seem to *want* it. Even Linus has called for deprecating the usermode helper [1] entirely if possible. This work tries to enable such prospects despite some needing the usermode helper by enabling callers that *need* the usermode helper to use the crappy usermode helper and letting us slowly dig that into a dark corner. This paves the path with a shiny extensible API with prospects of future features (fw signingin will be one) without use of the usermode helper at all, the extensible API enables new extensions by avoiding unnecessary collateral evolutions as this code / features get added. This provides a clean an way to enable folks who do wish to deprecate and the usermode helper to do so and provides carrots for doing that. [0] https://marc.info/?i=20151006090821.GB9030%40kroah.com [1] https://marc.info/?l=linux-kernel&m=144095832412928 Luis