On Tue, 16 Dec 2014, Balbir Singh wrote: > Could you describe what this does to signing? I presume the patched > module should cause a taint on module signing? Hmm, why should it? - if module signatures are enforced on the system in question, the module with the patch itself has to be signed as well, otherwise it will not be loaded by the kernel at all in the first place - after the trusted (signed) module with the patch is loaded, this is in principle no way different than other self-modifications the kernel is performing all the time (static keys, alternatives, kprobes, ...) Yes, we are tainting a kernel, but for reasons completely unrelated to module signing. I actually think that module signing doesn't play any role whatsoever in what this patchset is doing. Thanks, -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe live-patching" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
