Re: [PATCH V2] Allow configuring whether unsigned modules taint the kernel

From: Matthew Garrett
Date: Tue Feb 27 2018 - 16:14:57 EST

Next message: MichaÅ KÄpieÅ: "[PATCH 5/7] platform/x86: fujitsu-laptop: Tweak how constants are commented and laid out"
Previous message: Boris Brezillon: "Re: [PATCH v2 2/7] i3c: Add core I3C infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 20, 2018 at 2:51 PM Matthew Garrett <mjg59@xxxxxxxxxx> wrote:

> Distributions build kernels that are intended to satisfy multiple
> use-cases. One is that kernels must be usable in scenarios where module
> signing is required (such as many Secure Boot policies) and scenarios
> where it isn't (such as booting the same kernel on a legacy BIOS
> system). This requires that CONFIG_MODULE_SIG be set, but this causes a
> change in behaviour for the legacy platform case - loading an unsigned
> module now taints the kernel. This is a change in behaviour, and may
> cause users to file bugs, increasing distribution support load.

Sorry, just realised I sent the wrong version of this - I'll resend.

Next message: MichaÅ KÄpieÅ: "[PATCH 5/7] platform/x86: fujitsu-laptop: Tweak how constants are commented and laid out"
Previous message: Boris Brezillon: "Re: [PATCH v2 2/7] i3c: Add core I3C infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]