On Thu, 20 Sep 2012, Kees Cook wrote: > Earlier proposals for appending signatures to kernel modules would not be > useful in Chrome OS, since it would involve adding an additional set of > keys to our kernel and builds for no good reason: we already trust the > contents of our root filesystem. We don't need to verify those kernel > modules a second time. Having to do signature checking on module loading > would slow us down and be redundant. All we need to know is where a > module is coming from so we can say yes/no to loading it.
Just out of interest, has anyone else expressed interest in using this feature? -- James Morris <jmor...@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/