| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2015 15:19:01 -0700 From: Andy Lutomirski <luto@...capital.net> To: David Howells <dhowells@...hat.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, George Spelvin <linux@...izon.com>, David Woodhouse <dwmw2@...radead.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, petkan@...-labs.com, "Theodore Ts'o" <tytso@....edu>, Mimi Zohar <zohar@...ux.vnet.ibm.com> Subject: Re: Should we automatically generate a module signing key at all? On Fri, May 22, 2015 at 3:15 PM, David Howells <dhowells@...hat.com> wrote: > Linus Torvalds <torvalds@...ux-foundation.org> wrote: > >> I forget the exact details of the signature ..., but for the modules >> themselves, it's just appended to the module contents. > > Yes. > >> And because the size of the certificate list is variable, you can't just >> zero it out or anything like that to make things compare equal. > > Since it's discarded at the end of boot, it could be padded significantly. If you use the hash tree approach, the size of the thing in bzImage is constant. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists