lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2316630.1769965788@warthog.procyon.org.uk>
Date: Sun, 01 Feb 2026 17:09:48 +0000
From: David Howells <dhowells@...hat.com>
To: =?UTF-8?q?Mihai-Drosi=20C=C3=A2ju?= <mcaju95@...il.com>
Cc: dhowells@...hat.com, linux@...ssschuh.net, arnd@...db.de,
    arnout@...t.net, atomlin@...mlin.com, bigeasy@...utronix.de,
    chleroy@...nel.org, christian@...sel.eu, corbet@....net,
    coxu@...hat.com, da.gomez@...nel.org, da.gomez@...sung.com,
    dmitry.kasatkin@...il.com, eric.snowberg@...cle.com,
    f.gruenbichler@...xmox.com, jmorris@...ei.org, kpcyrd@...hlinux.org,
    linux-arch@...r.kernel.org, linux-doc@...r.kernel.org,
    linux-integrity@...r.kernel.org, linux-kbuild@...r.kernel.org,
    linux-kernel@...r.kernel.org, linux-modules@...r.kernel.org,
    linux-security-module@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
    lkp@...el.com, maddy@...ux.ibm.com, mattia@...reri.org,
    mcgrof@...nel.org, mpe@...erman.id.au, nathan@...nel.org,
    naveen@...nel.org, nicolas.bouchinet@....cyber.gouv.fr,
    nicolas.schier@...ux.dev, npiggin@...il.com, nsc@...nel.org,
    paul@...l-moore.com, petr.pavlu@...e.com, roberto.sassu@...wei.com,
    samitolvanen@...gle.com, serge@...lyn.com, xiujianfeng@...wei.com,
    zohar@...ux.ibm.com
Subject: Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking

Mihai-Drosi Câju <mcaju95@...il.com> wrote:

> > The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds. Either the module signing key
> is generated at build time, which makes the build unreproducible, or a
> static signing key is used, which precludes rebuilds by third parties
> and makes the whole build and packaging process much more complicated.

There is another issue too: If you have a static private key that you use to
sign modules (and probably other things), someone will likely give you a GPL
request to get it.

One advantage of using a transient key every build and deleting it after is
that no one has the key.

One other thing to remember: security is *meant* to get in the way.  That's
the whole point of it.

However, IANAL.

David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ