...kernel module signing on x86??? Why?
Joel Rees
joel.rees at gmail.com
Sat Mar 10 03:05:27 UTC 2012
On Fri, Mar 9, 2012 at 7:58 PM, Joshua C. <joshuacov at googlemail.com> wrote:
> 2012/3/9 Alan Cox <alan at lxorguk.ukuu.org.uk>:
>>
>> So you can stop a third party tampering with the modules on your system,
>> while keeping the ability to do so yourself. It's all about who owns the
>> keys. If you own the keys it becomes a useful security feature to some
>> users.
>>
>> Alan
>
> Put in other words: You cannot do anything with the distro-realeased
> modules because they should be signed. If the distro key is "publicly"
> available then any third party can use it and sign his modules.
> So I have to recompile the whole kernel (all modules inclusive) and
> resign them with my own key so that only I can temper with them. In
> both cases I need to recomplie the kernel once again... just for
> nothing.
>
> Honestly I think this is an extra burden for the developers/people
> who modifiy often their kernels.
>
> --joshua
Another case of making things harder than they should be so that
ordinary people won't jump through the hoops, but more so that the
people with the money to sue with can use the threat of lawsuits
against the people who would dare act independently. As long as the
DMCS stands, people are going to keep re-inventing things to add
patented and copyrighted junk in an effort to force as many people as
possible into their revenue stream.
Waste the world away building a society of plenty, then lock it down
with artificial scarcity. So that they think they can make everyone
pay them to tell them what to do. Demigods and IP demagogues.
--
Joel Rees
More information about the users
mailing list