[Ksummit-discuss] [TOPIC] Secure/verified boot and roots of trust
Ben Hutchings
ben at decadent.org.uk
Wed Aug 3 23:01:56 UTC 2016
On Wed, 2016-08-03 at 09:46 -0700, Andy Lutomirski wrote:
[...]
> And it gets rid of the IMO extremely nasty temporary key. I
> personally think that reproducible builds would add considerable value
> to many use cases, and we currently can't simultaneously support
> reproducible builds and Secure Boot without a big mess involving
> trusted parties, and the whole point of reproducible builds is to
> avoid needed to trust the packager.
[...]
You need that trusted party to supply a signature for the kernel, so
why is it so much worse to have them do that for the modules as well?
As you may be aware, I'm dealing with this in Debian by putting
detached signatures into the source package that builds signed
binaries. The two package build processes are each reproducible (aside
from a recently discovered dependence on whether /bin/sh is bash or
dash).
Ben.
--
Ben Hutchings
Nothing is ever a complete failure; it can always serve as a bad
example.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/attachments/20160804/f30dbfdd/attachment.sig>
More information about the Ksummit-discuss
mailing list