On Wed, Aug 15, 2018 at 2:08 PM Yannik Sembritzki <yan...@sembritzki.me> wrote:
>
> IMO, this is not okay. The layer of trust should extend from the bottom
> (user-provisioned platform key) up. Only trusting the kernel builtin key
> later on (wrt. kernel modules) contradicts this principal.
This module loading case is not about trusting the *key*.
This is about trusting the *build system*.
For example, I build my kernels with one single randomly generated key
(that gets deleted afterwards). The modules get built with that key
too.
No amount of added keys later will make a module valid to load.
Linus
