Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking

Next message: Mika Westerberg: "Re: [PATCH v6 2/2] i2c: designware-platdrv: fix cleanup on probe failure"
Previous message: Qingfang Deng: "[PATCH net-next v2] ppp: remove ppp-&gt;closing check"
In reply to: Eric Biggers: "Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking"
Next in thread: Eric Biggers: "Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Howells

Date: Mon Feb 02 2026 - 04:25:16 EST

Eric Biggers <ebiggers@xxxxxxxxxx> wrote:

> With that being the case, why is there still effort being put into
> adding more features to module signing? I would think efforts should be
> focused on hash-based module authentication, i.e. this patchset.

Because it's not just signing of modules and it's not just modules built with
the kernel. Also a hash table just of module hashes built into the core
kernel image will increase the size of the kernel by around a third of a meg
(on Fedora 43 and assuming SHA512) with uncompressible data.

David