Hash-Based Integrity Checking Proposed For Linux To Help With Reproducible Builds

Written by Michael Larabel in Linux Kernel on 26 December 2024 at 06:00 AM EST.
An interesting request for comments (RFC) patch series was posted on Christmas for introducing hash-based integrity checking to help with the reproducible builds initiative around the Linux kernel.

Linux developer Thomas Weißschuh, who has been involved with Linux laptop improvements and other kernel enhancements, posted the RFC patches for hash-based integrity checking. Weißschuh explained the work and summed it up rather well in the patch cover letter:
"The current signature-based module integrity checking has some drawbacks in combination with reproducible builds: Either the module signing key is generated at build time, which makes the build unreproducible, or a static key is used, which precludes rebuilds by third parties and makes the whole build and packaging process much more complicated. Introduce a new mechanism to ensure only well-known modules are loaded by embedding a list of hashes of all modules built as part of the full kernel build into vmlinux."

This would be a big help for the reproducible builds initiative, which aims for a bit-for-bit, independently verifiable path from source code to binaries.
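The trade-off described in the cover letter can be shown with a small model. This is an added illustration, not code from the patch series: SHA-256, the sorted digest table, the function names, the constructed sample modules, and HMAC as a stand-in for a real module signature are all assumptions of the sketch.

```python
import bisect
import hashlib
import hmac
import os

# Constructed sample inputs: module name -> module bytes from one source tree.
MODULES = {
    "ext4.ko": b"\x7fELF constructed ext4 module body",
    "e1000e.ko": b"\x7fELF constructed e1000e module body",
}
KERNEL_CORE = b"constructed vmlinux core"


def build_hash_table(modules):
    """Build step: sorted SHA-256 digests of every module built with the kernel."""
    return sorted(hashlib.sha256(data).digest() for data in modules.values())


def build_image(core, modules):
    """Embed the table in the kernel image; nothing secret or random goes in."""
    return core + b"".join(build_hash_table(modules))


def module_allowed(table, data):
    """Load-time check: binary search for the module's digest in the table."""
    digest = hashlib.sha256(data).digest()
    i = bisect.bisect_left(table, digest)
    return i < len(table) and table[i] == digest


def sign_with_build_time_key(modules):
    """Contrast case: a key generated during the build (HMAC as a stand-in
    for the real module signature) makes every build's output differ."""
    key = os.urandom(32)
    return {n: d + hmac.new(key, d, hashlib.sha256).digest()
            for n, d in modules.items()}


if __name__ == "__main__":
    table = build_hash_table(MODULES)
    print("rebuild is bit-identical:",
          build_image(KERNEL_CORE, MODULES) == build_image(KERNEL_CORE, dict(MODULES)))
    print("known module accepted:", module_allowed(table, MODULES["ext4.ko"]))
    print("modified module rejected:",
          not module_allowed(table, MODULES["ext4.ko"] + b"\x00"))
    print("signed builds differ:",
          sign_with_build_time_key(MODULES) != sign_with_build_time_key(MODULES))
```

A third party rebuilding from the same sources gets the same image and the same table, so the result can be compared byte for byte without access to any key.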

There remain some open design questions and other features that could be tacked onto this hash-based integrity checking for kernel modules, but those interested can find the patches via this kernel mailing list thread.