Bernardo Innocenti wrote: > Mitch Bradley wrote: > > >> From a security standpoint, there is an advantage to building in >> everything. The main kernel is verified with a crypto signature before >> it is executed. Loading a module without first verifying a >> similarly-strong signature weakens the security. >> >> Modules are a good idea for kernels that are intended to run on a wide >> variety of hardware. I am in favor of treating XO like an appliance and >> making the kernel as monolithic as possible. >> > > Uh-oh... Does our security system really depend on this? > > Reducing the number of modules is not going to help, because > you only need to load a single module to tap into the kernel. > > Building everything statically and disabling module loading > is also not an option if you want half decent support for > USB devices. Note that USB also brings in SCSI, DVB, and > a lot more. >
I would argue that support for some reasonable subset of important USB devices - e.g. mass storage, network, and HID - should be compiled-in and we should support the rest of the wide world of USB from userland, e.g. with libusb. _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel