[Ksummit-discuss] Last minute nominations: mcgrof and toshi

Andy Lutomirski luto at amacapital.net
Tue Aug 2 18:55:52 UTC 2016


On a related topic: last year or so, I argued that
CONFIG_MODULE_SIG_ALL and, more generally, the idea that in-tree
modules should be signed, is a suboptimal design.  Instead, I think
that the kernel shoud just learn to recognize its in-tree modules by
hash.  This would allow reproducible builds, get rid of the
autogenerated key, and would allow distros that don't support binary
modules to avoid needing the asymmetric key infrastructure at all (for
modules, anyway -- firmware is a different story.  But a firmware
signing key doesn't interfere with the kernel build process the way
that an in-tree module signing key does.)

On the theory that code speaks louder than vitriol, I decided to try
to implement it.  The actual code is trivial (I expect under 50 lines
*total* for the compile-time and run-time parts together), but
convincing make to build the thing is a real pain in the arse.

So expect code from me before KS unless I really get stuck fighting
kbuild.  And, unless anyone objects, I intend to propose that we
delete CONFIG_MODULE_SIG_ALL entirely once this thing works.

--Andy


More information about the Ksummit-discuss mailing list