Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking
From: Arnout Engelen
Date: Thu Jan 09 2025 - 05:52:44 EST

On Fri, 3 Jan 2025 17:37:52 -0800, Luis Chamberlain wrote:
> What distro which is using module signatures would switch
> to this as an alternative instead?

In NixOS, we disable MODULE_SIG by default (because we value
reproducibility over having module signatures). Enabling
MODULE_HASHES on systems that do not need to load out-of-tree
modules would be a good step forward.

Kind regards,
Arnout Engelen