...kernel module signing on x86??? Why?
Alan Cox
alan at lxorguk.ukuu.org.uk
Sat Mar 10 12:44:25 UTC 2012
> I hope the developers reconsider the decision to put extra "locks"
> where they are not needed at all.
a) module signing is just a feature you can use if you want
b) it's not really a lock. It's only a lock if you decide to enforce
module signature checking and not add any keys of your own
c) if you build a kernel you own the keys so you can lock it to just what
you want. That to many users is quite a valuable tool.
Plus of course in its most basic mode of a distro with signing
enforcement as shipped it completely and utterly shafts various dubious
non GPL out of tree modules 8)
Alan
More information about the users
mailing list