Re: [PATCH 0/6] MODSIGN: Kernel module signing

From: Valdis . Kletnieks
Date: Thu Feb 15 2007 - 15:35:40 EST

Next message: John Keller: "[PATCH 1/1] - acpi_unload_table_id() always returns error"
Previous message: Sergei Shtylyov: "Re: [PATCH] serial driver PMC MSP71xx, kernel linux-mips.git master"
In reply to: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Next in thread: Andreas Gruenbacher: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 14 Feb 2007 22:14:53 PST, Andreas Gruenbacher said:
> I agree, that's really what should happen. We solve this by marking modules as
> supported, partner supported, or unsupported, but in an "insecure" way, so
> partners and users could try to fake the support status of a module and/or
> remove status flags from Oopses, and cryptography wouldn't save us.

Where cryptography *can* save you is that a partner or user can't fake a
'Suse Supported' signature without access to the Suse private key.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: John Keller: "[PATCH 1/1] - acpi_unload_table_id() always returns error"
Previous message: Sergei Shtylyov: "Re: [PATCH] serial driver PMC MSP71xx, kernel linux-mips.git master"
In reply to: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Next in thread: Andreas Gruenbacher: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]