Date: Sat, 10 Dec 2011 12:42:36 +0100
From: Arkadiusz Miśkiewicz <a.miskiewicz@...il.com>
To: David Howells <dhowells@...hat.com>
Cc: jmorris@...ei.org, linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org, linux-kernel@...r.kernel.org, dmitry.kasatkin@...el.com, zohar@...ux.vnet.ibm.com, arjan@...ux.intel.com, alan@...rguk.ukuu.org.uk
Subject: Re: [GIT PULL] Crypto keys and module signing

On Wed, Dec 7, 2011 at 3:47 PM, David Howells <dhowells@...hat.com> wrote:
>
> Hi James,
>
> Could you pull my module signing code into the security tree? The patches can
> be viewed here:
>
> http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel

If I understand, it is not possible to sign modules after they are built and load keys without actually rebuilding the kernel?

For a distro kernel the public and secret keys have to be available publicly, right? Otherwise people using distro kernels won't be able to build their own signed modules for use with that distro kernel.

Then I as admin have to rebuild the kernel to get my own keys in and prevent other, "unapproved" modules from being loaded. Correct?

Would be nice if the modules could be signed/re-signed after being built and perhaps the kernel could load keys from initramfs? Then everyone could use their own keys on distro kernels without needing to rebuild the thing.

I think I'm missing something :)

--
Arkadiusz Miśkiewicz