On 09/20/2012 07:22 PM, James Morris wrote: > On Thu, 20 Sep 2012, Kees Cook wrote: > >> Earlier proposals for appending signatures to kernel modules would not be >> useful in Chrome OS, since it would involve adding an additional set of >> keys to our kernel and builds for no good reason: we already trust the >> contents of our root filesystem. We don't need to verify those kernel >> modules a second time. Having to do signature checking on module loading >> would slow us down and be redundant. All we need to know is where a >> module is coming from so we can say yes/no to loading it. > > Just out of interest, has anyone else expressed interest in using this > feature? > we are looking at using it in apparmor as well
-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
