Mitch Bradley wrote:

> From a security standpoint, there is an advantage to building in 
> everything.  The main kernel is verified with a crypto signature before 
> it is executed.  Loading a module without first verifying a 
> similarly-strong signature weakens the security.
>
> Modules are a good idea for kernels that are intended to run on a wide 
> variety of hardware.  I am in favor of treating XO like an appliance and 
> making the kernel as monolithic as possible.

Uh-oh... Does our security system really depend on this?

Reducing the number of modules is not going to help, because
you only need to load a single module to tap into the kernel.

Building everything statically and disabling module loading
is also not an option if you want half-decent support for
USB devices.  Note that USB also brings in SCSI, DVB, and
a lot more.

-- 
 \___/
 |___|   Bernardo Innocenti - http://www.codewiz.org/
  \___\  One Laptop Per Child - http://www.laptop.org/
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel