On Mon, Nov 13, 2017 at 1:44 PM, David Howells <dhowe...@redhat.com> wrote: > > Whilst that may be true, we either have to check signatures on every bit of > firmware that the appropriate driver doesn't say is meant to be signed or not > bother.
I vote for "not bother". Seriously, if you have firmware in /lib/firmware, and you don't trust it, what the hell are you doing? Oh, it's one of those "let's protect people from themselves, so that they can't possibly break Disney^W^W be terrorists - but but the children" things again, isn't it? Watch me care. Linus