Josh Boyer wrote:
> If you are creating a cert to sign the out-of-tree modules and expect
> it to be accepted by the kernel, it cannot be ephemeral. A user would
> need some way to import it into their kernel or have it passed from
> grub. The only way to do so is to have it embedded in shim or the
> kernel during the build of those binaries. I do not foresee Fedora
> creating yet another persistent key to sign things with, which means
> you would need another tool that can use the existing key in the
> kernel builders.

That just proves that Restricted Boot and especially our implementation of it (requiring kernel modules to be signed) is a very bad thing.

Kevin Kofler

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx