> I am curious though, is the above notion of having hardware require signed > firmware an implication brought down by UEFI? If so do you have any pointers > to where this is stipulated? Or is it just a best practice we assume some > manufacturers are implementing?
It's a mix of best practice and meeting the so called 'secure boot' requirements. In the non Linux space exactly the same problems exist in terms of trusting devices and firmware, building a root of trust and even more so when producing 'hardened' platforms. Some stuff isn't - USB devices for example don't get to pee on random memory so often isn't signed. Alan
