Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S269469AbUJQUTj (ORCPT ); Sun, 17 Oct 2004 16:19:39 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S269404AbUJQUTj (ORCPT ); Sun, 17 Oct 2004 16:19:39 -0400 Received: from rage.4t2.com ([217.20.115.48]:58554 "EHLO rage.4t2.com") by vger.kernel.org with ESMTP id S269469AbUJQUTP (ORCPT ); Sun, 17 Oct 2004 16:19:15 -0400 Date: Sun, 17 Oct 2004 22:18:32 +0200 From: Thomas Weber To: Tonnerre Cc: Josh Boyer , root@chaos.analogic.com, gene.heskett@verizon.net, linux-kernel@vger.kernel.org, Roman Zippel , David Howells , "Rusty Russell (IBM)" , David Woodhouse , Greg KH , Arjan van de Ven , Joy Latten Subject: Re: Fw: signed kernel modules? Message-ID: <20041017201832.GA28859@4t2.com> References: <27277.1097702318@redhat.com> <1097843492.29988.6.camel@weaponx.rchland.ibm.com> <200410151153.08527.gene.heskett@verizon.net> <1097857049.29988.29.camel@weaponx.rchland.ibm.com> <1097862366.29988.51.camel@weaponx.rchland.ibm.com> <20041015201147.GA23355@thundrix.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041015201147.GA23355@thundrix.ch> User-Agent: Mutt/1.5.6+20040722i X-4t2Systems-MailScanner: Found to be clean X-4t2Systems-MailScanner-From: l_linux-kernel@mail2news.4t2.com Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1685 Lines: 36 On Fri, Oct 15, 2004 at 10:11:47PM +0200, Tonnerre wrote: > > What trusted computing revealed is that there is at least amongst some > companies a desire to be able to dictate what's going on on your > computer. Think Disney here. > Tonnerre > > PS. I did a module signing patch some years ago. I did a framework. I > did tests. I got scared of its power. All I say is, take care. Think about companies deploing binary only drivers for their hardware. I guess they'd be happy to have a 'feature' like this in the kernel. We might end up with hardware companies deploying binary only signed modules for the major distributions (with which they have deals). We might end up with weird patches from those companies to get their key into the kernel source in order to be able to load their signed module. Once a module itself requires this feature in the kernel you don't have the choice of saying 'No' to this option of compile time and you can't simply revert this patch anymore as others have suggested. This patch would give power to those who make binary distributions and (binary only) modules not to the admin who runs the system. Only allowing modules to be loaded from a secured area (read only device, signed 'container' of modules...) and leaving it to the admin which modules he puts into this area would address all the reasons for this patch without taking power away from the owner of the system. Tom - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/