Authored by: Anonymous on Sunday, March 03 2013 @ 03:30 PM EST
The problem Linus has with this is placing the key verification for signed
modules in the kernel, when it could equally well be implemented in user space.
That is not to say Red Hat's solution to module signing could be implemented in
user space, but Linus' answer to that argument was that Red Hat's approach was
fundamentally flawed in any instance as it does rely on a single central key
which will invariably be broken at some stage. As a result, anything signed by
that key (shim loader, kernel, ...) would no longer be possible to load once the
key has been revoked.
Linus' suggestion involved signing each batch of modules/distro release/whatever
by a single throwaway private key, and having the user/kernel store the
corresponding public key in the firmware.
Where it all gets extremely complicated is whether or not this will work without
some sort of physical presence check to confirm the key is trusted. Can't see
operators of server farms stand for this, really.
-- mschmitz (not logged in)
- I agree with you - Authored by: Anonymous on Sunday, March 03 2013 @ 11:16 PM EST