Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

From: James Morris
Date: Fri Mar 08 2019 - 18:00:47 EST

Next message: Mike Kravetz: "Re: [PATCH 2/2] hugetlb: use same fault hash key for shared and private mappings"
Previous message: James Morris: "[GIT PULL] security: tpm subsystem updates for v5.1"
Next in thread: Matthew Garrett: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 6 Mar 2019, Matthew Garrett wrote:

> From: David Howells <dhowells@xxxxxxxxxx>
>
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.

Perhaps note that this won't cover the case where folk are using DM-Verity
with a signed root hash for verifying kernel modules.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Mike Kravetz: "Re: [PATCH 2/2] hugetlb: use same fault hash key for shared and private mappings"
Previous message: James Morris: "[GIT PULL] security: tpm subsystem updates for v5.1"
Next in thread: Matthew Garrett: "Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]