Eric Biggers <[email protected]> wrote: > With that being the case, why is there still effort being put into > adding more features to module signing? I would think efforts should be > focused on hash-based module authentication, i.e. this patchset.
Because it's not just signing of modules and it's not just modules built with the kernel. Also a hash table just of module hashes built into the core kernel image will increase the size of the kernel by around a third of a meg (on Fedora 43 and assuming SHA512) with uncompressible data. David
