Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: David Howells
Date: Mon Feb 02 2026 - 13:39:26 EST

Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> On Mon, Feb 02, 2026 at 09:21:19AM +0000, David Howells wrote:
> > Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> >
> > > With that being the case, why is there still effort being put into
> > > adding more features to module signing? I would think efforts should be
> > > focused on hash-based module authentication, i.e. this patchset.
> >
> > Because it's not just signing of modules
>
> Module signing is indeed about the signing of modules.

The signature verification stuff in the kernel isn't just used for modules.
kexec, for instance; wifi restriction database for another.

> > and it's not just modules built with the kernel.
>
> Could you give more details on this use case and why it needs
> signatures, as opposed to e.g. loading an additional Merkle tree root
> into the kernel to add to the set of allowed modules?

Because we don't want to, for example, include all the nvidia drivers in our
kernel SRPM.

David