| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <s5h7gpz9hc0.wl%tiwai@suse.de> Date: Tue, 06 Nov 2012 11:05:51 +0100 From: Takashi Iwai <tiwai@...e.de> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Josh Boyer <jwboyer@...il.com>, Matthew Garrett <mjg59@...f.ucam.org>, joeyli <jlee@...e.com>, Jiri Kosina <jkosina@...e.cz>, David Howells <dhowells@...hat.com>, Rusty Russell <rusty@...tcorp.com.au>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [PATCH RFC 0/4] Add firmware signature file check At Tue, 6 Nov 2012 09:20:19 +0000, Alan Cox wrote: > > > But how would distro sign modules that are built externally? > > It should be the pretty same situation. > > I would start with the "would" and lawyers and liability and then stop > worrying about the how. Absent someone actually intending to do it and > saying so. Well, what I meant for external built modules are not about things like nvidia, but rather normal (legal) drivers or updated modules that are built from out-of-kernel source. I'm sure that distros will provide such update module packages on the secure boot system, too. So, discussing about "how" isn't so bad even for now, since this shall be anyway mandatory (for distros) once when the module signing is deployed. Takashi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists