Message-Id: <072b392f-8122-4e4f-9a94-700dadcc0529@app.fastmail.com>
Date: Sat, 03 May 2025 10:19:17 +0200
From: "Arnout Engelen" <arnout@...t.net>
To: "James Bottomley" <James.Bottomley@...senpartnership.com>,
Thomas Weißschuh <linux@...ssschuh.net>
Cc: "Masahiro Yamada" <masahiroy@...nel.org>,
"Nathan Chancellor" <nathan@...nel.org>, "Arnd Bergmann" <arnd@...db.de>,
"Luis Chamberlain" <mcgrof@...nel.org>,
"Petr Pavlu" <petr.pavlu@...e.com>,
"Sami Tolvanen" <samitolvanen@...gle.com>,
"Daniel Gomez" <da.gomez@...sung.com>,
"Paul Moore" <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, "Jonathan Corbet" <corbet@....net>,
"Madhavan Srinivasan" <maddy@...ux.ibm.com>,
"Michael Ellerman" <mpe@...erman.id.au>,
"Nicholas Piggin" <npiggin@...il.com>,
"Christophe Leroy" <christophe.leroy@...roup.eu>,
"Naveen N Rao" <naveen@...nel.org>, "Mimi Zohar" <zohar@...ux.ibm.com>,
"Roberto Sassu" <roberto.sassu@...wei.com>,
"Dmitry Kasatkin" <dmitry.kasatkin@...il.com>,
"Eric Snowberg" <eric.snowberg@...cle.com>,
"Nicolas Schier" <nicolas.schier@...ux.dev>,
Fabian Grünbichler <f.gruenbichler@...xmox.com>,
"Mattia Rizzolo" <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>,
"Christian Heusel" <christian@...sel.eu>,
Câju Mihai-Drosi <mcaju95@...il.com>,
linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, linux-modules@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Subject: Re: [PATCH v3 0/9] module: Introduce hash-based integrity checking
On Fri, May 2, 2025, at 15:30, James Bottomley wrote:
> On Fri, 2025-05-02 at 08:53 +0200, Thomas Weißschuh wrote:
> > Specifically the output of any party can recreate bit-by-bit
> > identical copies of all specified artifacta previous build (the
> > public key, module signatures) is not available during the rebuild or
> > verification.
>
> You just strip the signatures before verifying reproducibility.
If the goal is: "verify the Linux Kernel is reproducible", that could work.
It gets increasingly cumbersome when you're trying to check the reproducibility
of some larger artifact that embeds the Linux kernel (and lots of other stuff),
like an ISO or disk image, though: you'd have to unpack/mount it, check all its
contents individually (perhaps recursively), and strip signatures in 'just the
right places'.
Writing such tooling is a chore, but of course feasible: diffoscope already
comes a long way (though checking large images may take some resources). The
problem is trusting such tooling: instead of 'simply' checking the images are
identical, suddenly I now have to convince myself there's no shenanigans
possible in the disk image interpretation and other check tooling, which gets
nontrivial fast.
> All current secure
> build processes (hermetic builds, SLSA and the like) are requiring
> output provenance (i.e. signed artifacts). If you try to stand like
> Canute against this tide saying "no signed builds", you're simply
> opposing progress for the sake of it
I don't think anyone is saying 'no signed builds', but we'd enjoy being able to
keep the signatures as detached metadata instead of having to embed them into
the 'actual' artifacts.
Kind regards,
Arnout
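The "strip the signatures before verifying reproducibility" step from the quoted reply, as an added example that is not code from this thread or from the kernel tree: a Python sketch that removes the kernel's appended module signature (the struct module_signature trailer followed by the "~Module signature appended~" marker, as written by scripts/sign-file) and compares the SHA-256 of what remains. The module bytes and signatures are constructed placeholders, not real ELF objects or real signatures.

```python
from __future__ import annotations
import hashlib
import struct

# Marker the kernel appends after a module signature (see scripts/sign-file.c).
MODULE_SIG_STRING = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# __pad[3], sig_len (big-endian u32); 12 bytes in total.
SIG_INFO_FMT = ">BBBBB3xI"
SIG_INFO_LEN = struct.calcsize(SIG_INFO_FMT)


def strip_module_signature(data: bytes) -> tuple[bytes, bytes | None]:
    """Return (unsigned module bytes, appended signature blob or None).

    Only the appended-signature layout is handled; a module without the
    trailer is returned unchanged so unsigned builds compare as-is.
    """
    if not data.endswith(MODULE_SIG_STRING):
        return data, None
    body = data[:-len(MODULE_SIG_STRING)]
    if len(body) < SIG_INFO_LEN:
        raise ValueError("truncated module_signature trailer")
    _algo, _hash, _id_type, signer_len, key_id_len, sig_len = struct.unpack(
        SIG_INFO_FMT, body[-SIG_INFO_LEN:])
    sig_total = signer_len + key_id_len + sig_len
    if sig_total > len(body) - SIG_INFO_LEN:
        raise ValueError("signature length exceeds module size")
    unsigned = body[:-(SIG_INFO_LEN + sig_total)]
    return unsigned, data[len(unsigned):]


def unsigned_digest(data: bytes) -> str:
    """SHA-256 of the module with any appended signature removed."""
    return hashlib.sha256(strip_module_signature(data)[0]).hexdigest()


def reproducible(build_a: bytes, build_b: bytes) -> bool:
    """True when two signed builds agree once their signatures are stripped."""
    return unsigned_digest(build_a) == unsigned_digest(build_b)


def _append_fake_signature(module: bytes, sig: bytes) -> bytes:
    # Constructed trailer: id_type 2 (PKCS#7), no inline signer/key id.
    info = struct.pack(SIG_INFO_FMT, 0, 0, 2, 0, 0, len(sig))
    return module + sig + info + MODULE_SIG_STRING


# Constructed sample data: the same "module" signed by two different builders.
UNSIGNED_MODULE = b"\x7fELF-constructed-module-body"
BUILD_A = _append_fake_signature(UNSIGNED_MODULE, b"sig-from-builder-A")
BUILD_B = _append_fake_signature(UNSIGNED_MODULE, b"different-sig-from-B")
```

The raw files differ byte-for-byte, while `reproducible(BUILD_A, BUILD_B)` is true; the same stripping would have to be repeated for every signed object inside a larger image, which is the chore the message describes.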