On Thu, 8 Aug 2019, Matthew Garrett wrote:
> On Thu, Aug 8, 2019 at 3:01 AM Jessica Yu wrote:
> > If you're confident that a hard dependency is not the right approach,
> > then perhaps we could add a comment in the Kconfig (You could take a
> > look at the comment under MODULE_SIG_ALL in
On Thu, Aug 8, 2019 at 3:01 AM Jessica Yu wrote:
> If you're confident that a hard dependency is not the right approach,
> then perhaps we could add a comment in the Kconfig (You could take a
> look at the comment under MODULE_SIG_ALL in init/Kconfig for an
> example)? If someone is configuring
+++ Matthew Garrett [01/08/19 13:42 -0700]:
On Thu, Aug 1, 2019 at 7:22 AM Jessica Yu wrote:
Apologies if this was addressed in another patch in your series (I've
only skimmed the first few), but what should happen if the kernel is
locked down, but CONFIG_MODULE_SIG=n? Or shouldn't
On Thu, Aug 1, 2019 at 7:22 AM Jessica Yu wrote:
> Apologies if this was addressed in another patch in your series (I've
> only skimmed the first few), but what should happen if the kernel is
> locked down, but CONFIG_MODULE_SIG=n? Or shouldn't
> CONFIG_SECURITY_LOCKDOWN_LSM
> depend on
+++ Matthew Garrett [31/07/19 15:15 -0700]:
From: David Howells
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
I have adjusted the errors generated:
(1) If there's no signature (ENODATA) or we can't check it (ENOPKG,
ENOKEY), then:
From: David Howells
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
I have adjusted the errors generated:
(1) If there's no signature (ENODATA) or we can't check it (ENOPKG,
ENOKEY), then:
(a) If signatures are enforced then
6 matches
Mail list logo