Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking

From: Fabian Grünbichler
Date: Mon Jan 13 2025 - 04:16:00 EST

Next message: Colin Ian King: "[PATCH][next] net: phy: dp83822: Fix typo "outout" -> "output""
Previous message: Ciprian Marian Costea: "Re: [PATCH v4 1/4] arm64: dts: s32g: add 'I2C' common board support"
In reply to: Petr Pavlu: "Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On January 4, 2025 2:37 am, Luis Chamberlain wrote:
> On Wed, Dec 25, 2024 at 11:52:00PM +0100, Thomas Weißschuh wrote:
>> diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
>> index 7b329057997ad2ec310133ca84617d9bfcdb7e9f..57d317a6fa444195d0806e6bd7a2af6e338a7f01 100644
>> --- a/kernel/module/Kconfig
>> +++ b/kernel/module/Kconfig
>> @@ -344,6 +344,17 @@ config MODULE_DECOMPRESS
>>
>> If unsure, say N.
>>
>> +config MODULE_HASHES
>> + bool "Module hash validation"
>> + depends on !MODULE_SIG
>
> Why are these mutually exclusive? Can't you want module signatures *and*
> this as well? What distro which is using module signatures would switch
> to this as an alternative instead? The help menu does not clarify any of
> this at all, and neither does the patch.

FWIW, I think we (Proxmox, a Debian derivative) would consider switching
to MODULE_HASHES for the modules shipped with our kernel packages, once
MODULE_HASHES does not conflict with user/MOK-signatures on DKMS- or
manually-built modules. we do prefer reproducible builds, but
extensibility via third-party modules is an important use case for us
(and I except many other more general purpose distros).

Next message: Colin Ian King: "[PATCH][next] net: phy: dp83822: Fix typo "outout" -> "output""
Previous message: Ciprian Marian Costea: "Re: [PATCH v4 1/4] arm64: dts: s32g: add 'I2C' common board support"
In reply to: Petr Pavlu: "Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]