On Tue, 18 Sep 2012 18:34:12 +0100
David Howells <dhowe...@redhat.com> wrote:

> Alan Cox <a...@lxorguk.ukuu.org.uk> wrote:
> 
> > Why do this in the kernel.That appears to be completely insane.
> 
> A number of reasons:
> 
>  (1) The UEFI signature/key database may contain ASN.1 X.509 certificates and
>      we may need to use those very early in the boot process, during initrd.

Ok that makes some sense. Presumably they've also got to fall within what
you trust and sign ?

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to