On Tue, 18 Sep 2012 18:34:12 +0100 David Howells <[email protected]> wrote:
> Alan Cox <[email protected]> wrote: > > > Why do this in the kernel.That appears to be completely insane. > > A number of reasons: > > (1) The UEFI signature/key database may contain ASN.1 X.509 certificates and > we may need to use those very early in the boot process, during initrd. Ok that makes some sense. Presumably they've also got to fall within what you trust and sign ? Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
