Re: [GIT PULL] Load keys from signed PE binaries

From: Florian Weimer
Date: Mon Feb 25 2013 - 09:46:26 EST


* Peter Jones:

> I just want to make sure this doesn't go unresponded to - Red Hat
> will not sign kernel modules built by an outside source. We're simply
> not going to sign these kernel modules. That's one of the big reasons
> we want a setup where they can sign their own modules in the first place.

You could just drop the requirement that ring 0 code must be signed.
I don't think Windows 8 enforces this, but I'm not yet sure if there
is a physical presence check before you can enter a mode in which
Windows loads self-signed kernel modules.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/