Re: Should we automatically generate a module signing key at all?

From: David Howells
Date: Tue May 19 2015 - 08:52:15 EST


David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> Then when one module is loaded, we also have to pass in a table containing
> all the other sha256's. The kernel checks the sha256 of what's being loaded,
> checks it matches what's in the table that was also loaded. And then
> validates the integrity of that table.

That's basically Andy's idea with a special module containing the table. But
unless you want to reload the table every time you load a module, you haven't
gained anything.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/