Announcement

Collapse
No announcement yet.

Signed Kernel Modules Support For Linux 3.7

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • phoronix
    started a topic Signed Kernel Modules Support For Linux 3.7

    Signed Kernel Modules Support For Linux 3.7

    Phoronix: Signed Kernel Modules Support For Linux 3.7

    One of the last merge requests that Linus Torvalds honored this past weekend prior to releasing Linux 3.7-rc1 as the modules pull, which added in module signing support for the Linux kernel...

    http://www.phoronix.com/vr.php?view=MTIwNzk

  • WorBlux
    replied
    Originally posted by droidhacker View Post
    What I would really like is a FORCE UNSIGNED option. If a module is signed, reject it because it was built by a stupid crackhead.

    "signed" does not mean "safe".
    But when properly used it does mean "as it was intended to be by the signatory"

    What exactly is wrong with saying, this is who I am and this is the module I approved via cryptographic means?

    Leave a comment:


  • jessioward
    replied
    it more secure or to lock down appliances to prevent consumers to fiddle with em.

    Leave a comment:


  • JanC
    replied
    Originally posted by uid313 View Post
    I wonder if this is to secure computers to make it more secure or to lock down appliances to prevent consumers to fiddle with em.
    Both. the same technology that allows you to prevent strangers, employees, kids, malware, or whatever to tamper with kernel modules, allows the manufacturer to do the same if they control the boot chain from the earliest level (it's what some of them have been doing for a long time anyway).

    Also sees what gQuigs says / links to (although this can be used & abused on systems without BIOS or UEFI too).
    Last edited by JanC; 10-20-2012, 01:41 PM.

    Leave a comment:


  • wargames
    replied
    Big bro

    Big Brother is cooooooooooomingggggggg ....

    Leave a comment:


  • gQuigs
    replied
    Secure boot or Restricted boot?

    https://www.fsf.org/campaigns/campai...estricted-boot

    Anyway, this support in the kernel is just another feature. Just like other security features, they can be used to lock-down what users can do. The real threat to this comes from the Motherboard/BIOS, if we can't load our own keys into it. If we can do that, they we can always just recompile the Linux Kernel.

    Leave a comment:


  • droidhacker
    replied
    What I would really like is a FORCE UNSIGNED option. If a module is signed, reject it because it was built by a stupid crackhead.

    "signed" does not mean "safe".

    Leave a comment:


  • Sonadow
    replied
    soo...how will this actually work?

    Let's say I got a notebook with a new AMD/Nvidia graphics card which I intend to run with the graphics driver blobs (fglrx and ForceWare) and a Broadcom wifi card which is only supported by the prorprietary wl driver.

    How will these blobs get signed? During the installation process? Or are there any tricks / hoops to jump through so that the installation will go through and the modules loaded properly?

    Leave a comment:


  • uid313
    replied
    I wonder...

    I wonder if this is to secure computers to make it more secure or to lock down appliances to prevent consumers to fiddle with em.

    Leave a comment:

Working...
X