Re: [GIT PULL] Load keys from signed PE binaries
From: Matthew Garrett
Date: Thu Feb 21 2013 - 13:12:09 EST
On Thu, Feb 21, 2013 at 10:03:20AM -0800, Linus Torvalds wrote:
> Seriously, if somebody wants to make a binary module for Fedora 18 or
> whatever, they should go to Red Hat and ask whether RH is willing to
> sign their key. And the whole "no, we only think it makes sense to
> trust MS keys" argument is so f*cking stupid that if somebody really
> brings that up, I can only throw my hands up and say "whatever".
MS have infrastructure to do identity verification and actually run some
kind of vaguely responsible CA, and I don't trust Red Hat to be able to
do that. And if the machine's carrying Microsoft's key in its firmware
then you *already* trust Microsoft, because if the bad guy can get
something signed by them then he's already just replaced your bootloader
instead of pissing about inserting modules. Using the hardware keys as
the root of trust makes practical sense.
> Besides, let's face it, Red Hat is going to sign the official nVidia
> and AMD binary modules anyway. Don't even bother to pretend anything
> else.
I don't think there's any chance of them signing modules. But it's a
given that RHEL's going to end up trusting keys owned by nvidia and amd
somehow, and chances are that's going to be based on the Microsoft
signing service. The question is whether there's a benefit in ensuring
that the same key is trusted by RHEL, Ubuntu, Suse and everyone else or
whether different kernels are going to have completely different
policies.
--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/