On Wed, Apr 6, 2022 at 10:23 AM Justin Forbes <jmforbes(a)linuxtx.org> wrote:
> Apple and Microsoft signing NVIDIA's proprietary driver doesn't at all
> indicate Apple and Microsoft trust the driver itself. It is trusting
> the providence of the blob, in order to achieve an overall safer
> ecosystem for their users.
>
> We either want users with NVIDIA hardware to be inside the Secure Boot
> fold or we don't. I want them in the fold *despite* the driver that
> needs signing is proprietary. That's a better user experience across
> the board, including the security messaging is made consistent. The
> existing policy serves no good at all and is double talk. If we really
> care about security more than ideological worry, we'd sign the driver.
At the very least, it would require that Fedora have a separate key
that is trusted and not the same one used for shim/grub/kernel.
If Fedora is going to sign it, rather than improving the local signing
experience, absolutely it should be signed with a separate key. The
design should assume a revocation is going to happen at some point.
We certainly aren't proposing that we use the standard Fedora keys to
sign a binary blob that runs in kernel space from a company who was
most recently hacked last month?
No way.
I don't think there's a mechanism for it, but I'd prefer Fedora sign
the 3rd party's key rather than their binary. Maybe it's a small
distinction at the end of the day.
--
Chris Murphy