On Tue, 2018-02-20 at 20:37 +, Matthew Garrett wrote:
> On Tue, Feb 20, 2018 at 11:21 AM Jessica Yu wrote:
[...]
> > In any case, I think I'd be willing to merge it as a module_param made
> > available under CONFIG_MODULE_SIG=y (rather than as a new separate config
> > option), while preservin
+++ Matthew Garrett [07/08/17 12:50 -0700]:
The default kernel behaviour is for unsigned or invalidly signed modules
to load without warning. Right now, If CONFIG_MODULE_SIG is enabled the
kernel will be tainted in this case. Distributions may wish to enable
CONFIG_MODULE_SIG in order to permit s
+++ Matthew Garrett [20/02/18 20:37 +]:
On Tue, Feb 20, 2018 at 11:21 AM Jessica Yu wrote:
Ah, OK. So if I'm understanding correctly, you want to use the same kernel
image/configuration but for two different use cases, one where the module
signatures do not matter, and one where they do ma
On Tue, Feb 20, 2018 at 11:21 AM Jessica Yu wrote:
> Ah, OK. So if I'm understanding correctly, you want to use the same kernel
> image/configuration but for two different use cases, one where the module
> signatures do not matter, and one where they do matter. But the config you
> want to use in
+++ Matthew Garrett [15/02/18 19:36 +]:
On Thu, Feb 15, 2018 at 7:25 AM Jessica Yu wrote:
I'm still unclear on why a distro would enable CONFIG_MODULE_SIG and
then _not_ want to know about unsigned modules.
The same kernel image may be used in situations where the use case benefits
from e
On Fri, Feb 16, 2018 at 12:25 AM Philipp Hahn wrote:
> Sadly didn't work for me :-(
> If my understanding is correct and iff that would work, Debian (and
> others) could load their public key into Shim and then use the
> associated private key for singing their modules.
This works for UEFI system
Hello,
Am 15.02.2018 um 20:36 schrieb Matthew Garrett:
> On Thu, Feb 15, 2018 at 7:25 AM Jessica Yu wrote:
>> From what I understand from Ben's post from last year
>> (http://lkml.kernel.org/r/1504044122.4448.24.ca...@decadent.org.uk),
>> it sounds like the main issue is that Debian doesn't supp
On Thu, Feb 15, 2018 at 7:25 AM Jessica Yu wrote:
> I'm still unclear on why a distro would enable CONFIG_MODULE_SIG and
> then _not_ want to know about unsigned modules.
The same kernel image may be used in situations where the use case benefits
from enforcement of module signatures and cases wh
+++ Matthew Garrett [14/02/18 18:21 +]:
Hi Jessica,
Any objections to this patch?
Thanks!
Hi Matthew!
My questions and comments from last year still apply here -
http://lkml.kernel.org/r/20170829175647.ej5fqszss2mbpc5i@redbean
I'm still unclear on why a distro would enable CONFIG_MODU
Hi Jessica,
Any objections to this patch?
Thanks!
The default kernel behaviour is for unsigned or invalidly signed modules
to load without warning. Right now, If CONFIG_MODULE_SIG is enabled the
kernel will be tainted in this case. Distributions may wish to enable
CONFIG_MODULE_SIG in order to permit signature enforcement, but may not
wish to alte
11 matches
Mail list logo
