Re: Should we automatically generate a module signing key at all?

From: David Woodhouse
Date: Tue May 19 2015 - 16:00:54 EST

Next message: Luis R. Rodriguez: "[RFD] linux-firmware key arrangement for firmware signing"
Previous message: Jens Axboe: "Re: [Regression] Guest fs corruption with 'block: loop: improve performance via blk-mq'"
In reply to: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2015-05-19 at 11:49 -0700, Andy Lutomirski wrote:
>
> If we use hashes instead of signatures on in-tree modules (at least in
> the case where no long-term key is provided), then generation of the
> temporary signing key stops being an issue because there is no longer
> a temporary signing key.

With signatures I can make a one-line change to a module and rebuild it,
and still load it without having to rebuild my vmlinux to 'permit' it.

My signing key is valid for as long as I *choose* it to be valid.

I appreciate why that's a problem in your scenario, but it's a valid and
useful feature of signatures, and I don't think we can just abandon it.

--
dwmw2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luis R. Rodriguez: "[RFD] linux-firmware key arrangement for firmware signing"
Previous message: Jens Axboe: "Re: [Regression] Guest fs corruption with 'block: loop: improve performance via blk-mq'"
In reply to: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Next in thread: Andy Lutomirski: "Re: Should we automatically generate a module signing key at all?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]