On 4/7/26 7:00 PM, Chris Lamb wrote:
> Hi all,
> Please review the draft for March's Reproducible Builds report:
> https://reproducible-builds.org/reports/2026-03/?draft
hey! :)
> Linux kernel’s signature-based integrity checking to be replaced?
This may cause a little bit of an upstir (for better or worse). It's not "we add
one feature and remove another one"; they are controls you can reach for that
are meant to co-exist, and it ultimately depends on the person configuring your
kernel.
You MAY configure it with private keys and signatures the way things are today.
You MAY configure it with both a hash-based allow-list and a private-key escape
hatch for out-of-tree modules.
You MAY configure a fully nothing-up-my-sleeve kernel, with the source code
being the absolute source (heh) of truth for what code may or may not get accepted
by the kernel, without deferring the security problem to a private key that you
then need to worry about.
You MAY technically also configure a kernel that uses neither, with
CAP_SYS_MODULE being the only security control.
cheers,
kpcyrd