|
Authored by: jjs on Sunday, March 03 2013 @ 04:19 PM EST |
Linux already handles signed modules. What it does NOT handle in the kernel is
sgned PE format modules - because that is WINDOWS format (linux uses ELF). The
only reason to support PE in the kernel is to use MS signed modules, because MS
will only sign PE format modules. Since Red Hat / distributors can, right now,
today, build and sign their own distros, and since the LF shim enables them to
put their keys into UEFI, only if they want to run non-kernel binaries (Nvidia,
etc) do they need any extra steps. Linus already presented Red Hat with an
option - Red Hat can sign the modules with their key. Of course, that means Red
Hat taking responsibility for that uncheckable module.
Alternatively, buy hardware that does not require binary modules. Pressure
hardware companies towork with kernel devs to ensure linux natively supports
their hardware.
---
(Note IANAL, I don't play one on TV, etc, consult a practicing attorney, etc,
etc)
[ Reply to This | Parent | # ]
|
|
|
|
|