...kernel module signing on x86??? Why?
Joshua C.
joshuacov at googlemail.com
Fri Mar 9 10:41:09 UTC 2012
2012/3/9 Alan Cox <alan at lxorguk.ukuu.org.uk>:
> On Fri, 9 Mar 2012 11:07:55 +0100
...
> will be locked down by default and require some undefined
> screwing around to unlock. For x86 the spec currently does require they
> can be unlocked...
...
> Module signing itself isn't just useful for that though - its a matter of
> who owns the key and you can do your own module signing with your own key
> irrespective of the bogus 'secure boot' stuff.
>
> In theory you can even stuff said keys into the TPM and do very clever
> tricks with them.
>
> Alan
I fully agree with you but the question is "Why should we do this on
linux?" Let the windoof people do whatever they want... You see that
the module signing is more a less a measure against the so called
"windows OEM-SLP activation with modded bootloaders". I don't see any
benefit for linux but an extra burden to have to find ways to unlock
this bogus 'secure boot' stuff.
--joshua
More information about the users
mailing list