Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jan 04, 2025 at 07:30:39AM +0100, Thomas Weißschuh wrote:
> Hi Luis,
> 
> On 2025-01-03 17:37:52-0800, Luis Chamberlain wrote:
> > On Wed, Dec 25, 2024 at 11:52:00PM +0100, Thomas Weißschuh wrote:
> > > diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
> > > index 7b329057997ad2ec310133ca84617d9bfcdb7e9f..57d317a6fa444195d0806e6bd7a2af6e338a7f01 100644
> > > --- a/kernel/module/Kconfig
> > > +++ b/kernel/module/Kconfig
> > > @@ -344,6 +344,17 @@ config MODULE_DECOMPRESS
> > >  
> > >  	  If unsure, say N.
> > >  
> > > +config MODULE_HASHES
> > > +	bool "Module hash validation"
> > > +	depends on !MODULE_SIG
> > 
> > Why are these mutually exclusive? Can't you want module signatures *and*
> > this as well? What distro which is using module signatures would switch
> > to this as an alternative instead? The help menu does not clarify any of
> > this at all, and neither does the patch.
> 
> The exclusivity is to keep the initial RFC patch small.
> The cover letter lists "Enable coexistence with MODULE_SIG" as
> a further improvement.

Looking forward to that.

> In general this MODULE_HASHES would be used by distros which are
> currently using the build-time generated signing key with
> CONFIG_MODULE_SIG_KEY=certs/signing_key.pem.

The Kconfig needs to describe this, otherwise no one would sensibly
enable this.

> More concretely the Arch Linux team has expressed interest.

Interest sure, but will it be used? If not there is no point to this.
What do the other distro have to think about this?

  Luis




[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux