On Wed, Jun 20, 2018 at 10:58 AM Jonathan T. Looney <j...@freebsd.org> wrote:
>
> On Tue, Jun 19, 2018 at 8:34 PM Conrad Meyer <c...@freebsd.org> wrote:
>>
>> Please revert this patchset. It's not ready.
>
>
> I'm not sure I understand the need to revert the patches. They may need some
> refinement, but they also do provide some functionality upon which you can
> build the tooling that Simon discussed.
>
> Unless I missed something, this feature only impacts the system when it is
> specifically compiled in. In cases like that, I think it's reasonable to give
> the committer some time to refine them in place prior to the code
> slush/freeze, at which point we can decide what to do.

+1 for all points.

I do agree with others that SHA-1 support should not be included (unless I have missed something, but I think firmware integrity check counts as a "Digital signature" verification, according to SP 800-131A "9 Hash algorithms", SHA-1 verification should only be used for legacy usage, which does not apply on FreeBSD because this is a new feature).

But even so, given the code only impacts systems that have it explicitly compiled in, it's reasonable to give the committer more time to make further improvements rather than reverting it as a whole as this would give the code more exposure.

Cheers,