On Sat, Mar 09, 2019 at 12:40:01PM +0100, Geert Uytterhoeven wrote: > > Signing keys should be kept secure, or better yet, just deleted entirely > > after creating and signing with them. That's what I do for my kernels > > and I'm pretty sure that some distros also do this. That way there's no > > chance that someone else can sign a module and have it loaded without > > detection, which is what signing is supposed to prevent from happening. > > If you want that kind of security, there's no point in allowing to extend the > kernel by building more kernel modules after deployment. That's not what these files are for (in the original user's case). They want these for doing tracing/ebpf stuff, which require kernel headers to build against. > "Raw kernel headers also cannot be copied into the filesystem like they > can be on other distros, due to licensing and other issues. There's no > linux-headers package on Android." > > What's the licensing issue? What's the (legal) difference between having > the headers on the file system, and having a kernel module including the > headers on the file system? There is no licensing issue, see my follow-up comment about that. It's all in ease-of-use here. You want to build a trace function against a running kernel, and now you have the header files for that specific kernel right there in the kernel itself to build against. It doesn't get easier than that. thanks, greg k-h