On Mon, Feb 11, 2013 at 1:12 AM, Douglas Freed <dwfr...@mtu.edu> wrote: > How does having additional firmware installed affect security at all? > Firmware is only loaded when specifically requested by a loaded driver that > needs to use it, and only if that driver is actually in use. That's like > saying a file that can only be written to by root, only normally read when > it's specifically needed, and if for some stupid reason is executed by an > unprivileged process will just result in a crash, affects security (hint: I > just described firmware).
I can play captain obvious, too. Regardless, having to explicitly enable firmware based on need (e.g., after installing a wireless card) provides for more security. For instance, the user can opt to not enable the firmware and not use the card, if he doesn't trust manufacturer's software development process. If only the firmware that is actually used is installed, it is easier to go over it and review its security. Some firmware has multiple subversions, with the kernel being able to use any of them; some may be more trusted than others. Some firmware may be unnecessary for correct functioning of hardware, but is still loaded when available. All of these are valid reasons for not installing all possible firmware. Don't assume that your use case is identical to everyone else's. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
