On Mon, 2015-07-27 at 23:43 +0100, David Howells wrote: > > PKCS#7: Require authenticated attributes > > Require there to be authenticated attributes in the PKCS#7/CMS message so > that an attacker can't drop them to provide greater opportunity for > manipulating the message.
There doesn't seem to be a lot of point in this part. If the authenticated attribute isn't being *checked*, then the attacker doesn't need to drop it at all. There's no point in merely requiring its *existence*. As part of the firmware signatures, if we are asked to check the filename then yes we should require it to be present *and* match. But if we aren't checking (which we can't for modules since we don't know what's being loaded), why require it to be present at all? -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
