LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Valdis.Kletnieks@vt.edu
To: Dave Jones <davej@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
torvalds@linux-foundation.org, herbert.xu@redhat.com,
linux-kernel@vger.kernel.org, arjan@infradead.org,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Date: Thu, 15 Feb 2007 15:55:41 -0500 [thread overview]
Message-ID: <200702152055.l1FKtfTY012824@turing-police.cc.vt.edu> (raw)
In-Reply-To: Your message of "Wed, 14 Feb 2007 23:13:45 EST." <20070215041345.GA15654@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1135 bytes --]
On Wed, 14 Feb 2007 23:13:45 EST, Dave Jones said:
> One argument in its favour is aparently Red Hat isn't the only vendor
> with something like this. I've not investigated it, but I hear rumours
> that suse has something similar. Having everyone using the same code
> would be a win for obvious reasons.
Another argument in its favor is that it actually allows the kernel to
implement *real* checking of module licenses and trumps all the proposals
to deal with MODULE_LICENSE("GPL\0Haha!"). A vendor (or user) that wants
to be *sure* that only *really really* GPL modules are loaded can simply
refuse to load unsigned modules - and then refuse to sign a module until
after they had themselves visited the source's website, verified that the
source code was available under GPL, and so on.
Remember - the GPL is about the availability of the source. And at modprobe
time, the source isn't available. So you're left with two options:
1) Trust the binary to not lie to you about its license.
2) Ask a trusted 3rd party (usually, the person/distro that built the kernel)
whether they've verified the claim that it's really GPL.
[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]
next prev parent reply other threads:[~2007-02-15 20:56 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-14 19:09 David Howells
2007-02-14 19:09 ` [PATCH 2/6] MODSIGN: In-kernel crypto extensions David Howells
2007-02-14 19:09 ` [PATCH 3/6] MODSIGN: Add indications of module ELF types David Howells
2007-02-14 19:09 ` [PATCH 4/6] MODSIGN: Module ELF verifier David Howells
2007-02-14 19:10 ` [PATCH 5/6] MODSIGN: Module signature checker and key manager David Howells
2007-02-14 19:10 ` [PATCH 6/6] MODSIGN: Apply signature checking to modules on module load David Howells
2007-02-14 19:26 ` [PATCH 0/6] MODSIGN: Kernel module signing Linus Torvalds
2007-02-14 19:40 ` David Howells
2007-02-14 21:32 ` Michael Halcrow
2007-02-14 21:59 ` David Howells
2007-02-14 22:21 ` Michael Halcrow
2007-02-15 21:31 ` Indan Zupancic
2007-02-15 3:41 ` Andrew Morton
2007-02-15 4:13 ` Dave Jones
2007-02-15 5:35 ` Andreas Gruenbacher
2007-02-15 5:45 ` Dave Jones
2007-02-15 6:14 ` Andreas Gruenbacher
2007-02-15 6:22 ` Dave Jones
2007-02-15 20:34 ` Valdis.Kletnieks
2007-02-15 22:12 ` Andreas Gruenbacher
2007-02-16 0:15 ` Olaf Kirch
2007-02-15 22:10 ` Pavel Machek
2007-02-15 20:55 ` Valdis.Kletnieks [this message]
2007-02-15 21:32 ` Adrian Bunk
2007-02-15 22:12 ` Valdis.Kletnieks
2007-02-15 14:35 ` Roman Zippel
2007-02-15 17:32 ` David Howells
2007-02-15 18:33 ` Roman Zippel
2007-02-15 20:01 ` David Lang
2007-02-15 21:01 ` Roman Zippel
2007-02-15 21:03 ` Adrian Bunk
2007-02-15 22:13 ` Pavel Machek
2007-02-16 20:21 ` Dave Jones
2007-02-16 20:27 ` Arjan van de Ven
[not found] <7OPWh-470-9@gated-at.bofh.it>
[not found] ` <7OxPF-16i-7@gated-at.bofh.it>
[not found] ` <7OSKA-8A-17@gated-at.bofh.it>
[not found] ` <7OTGJ-1G5-23@gated-at.bofh.it>
2007-02-16 15:38 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200702152055.l1FKtfTY012824@turing-police.cc.vt.edu \
--to=valdis.kletnieks@vt.edu \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=davej@redhat.com \
--cc=dhowells@redhat.com \
--cc=herbert.xu@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--subject='Re: [PATCH 0/6] MODSIGN: Kernel module signing' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).