Re: Should we automatically generate a module signing key at all?

From: David Howells
Date: Tue May 19 2015 - 08:52:15 EST

Next message: Arnd Bergmann: "[PATCH] drm/nouveau/platform: add IOMMU dependency"
Previous message: Anatolij Gustschin: "Re: [PATCH] [RFC] ads7846: force driver to work with ads7845"
In reply to: David Woodhouse: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> Then when one module is loaded, we also have to pass in a table containing
> all the other sha256's. The kernel checks the sha256 of what's being loaded,
> checks it matches what's in the table that was also loaded. And then
> validates the integrity of that table.

That's basically Andy's idea with a special module containing the table. But
unless you want to reload the table every time you load a module, you haven't
gained anything.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "[PATCH] drm/nouveau/platform: add IOMMU dependency"
Previous message: Anatolij Gustschin: "Re: [PATCH] [RFC] ads7846: force driver to work with ads7845"
In reply to: David Woodhouse: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]