Open osresearch opened 4 years ago
Note that this is about the computer owner signing the firmware that they want to be loaded; the device might also validate an OEM signature before loading the firmware. The owner wants to prevent rollback attacks to previous vulnerable versions, or if the device is not validating its own signatures, to a version that has been modified to try to bypass other security protections.
Wireless has something sort of similar that has signed modules for different countries. Not sure why this one has so much cryptography around it... https://wireless.wiki.kernel.org/en/developers/regulatory/crda
The kernel firmware loader potentially allows a root user to load untrusted firmware into devices in the system. This was discussed as a vulnerability back in 2015 https://lwn.net/Articles/645823/ although nothing was ever merged. Kernel modules have to be signed, so it makes sense that the same mechanism could be used.