Re: [PATCH] Fix kexec forbidding kernels signed with custom platform keys to boot

From: Linus Torvalds
Date: Wed Aug 15 2018 - 17:14:42 EST

On Wed, Aug 15, 2018 at 2:08 PM Yannik Sembritzki <yannik@xxxxxxxxxxxxx> wrote:
> IMO, this is not okay. The layer of trust should extend from the bottom
> (user-provisioned platform key) up. Only trusting the kernel builtin key
> later on (wrt. kernel modules) contradicts this principle.

This module loading case is not about trusting the *key*.

This is about trusting the *build system*.

For example, I build my kernels with one single randomly generated key
(that gets deleted afterwards). The modules get built with that key.

No amount of added keys later will make a module valid to load.