From: Thomas Weber <l_linux-kernel@mail2news.4t2.com>
To: Tonnerre <tonnerre@thundrix.ch>
Cc: Josh Boyer <jdub@us.ibm.com>,
root@chaos.analogic.com, gene.heskett@verizon.net,
linux-kernel@vger.kernel.org,
Roman Zippel <zippel@linux-m68k.org>,
David Howells <dhowells@redhat.com>,
"Rusty Russell (IBM)" <rusty@au1.ibm.com>,
David Woodhouse <dwmw2@infradead.org>, Greg KH <greg@kroah.com>,
Arjan van de Ven <arjanv@redhat.com>,
Joy Latten <latten@us.ibm.com>
Subject: Re: Fw: signed kernel modules?
Date: Sun, 17 Oct 2004 22:18:32 +0200 [thread overview]
Message-ID: <20041017201832.GA28859@4t2.com> (raw)
In-Reply-To: <20041015201147.GA23355@thundrix.ch>
On Fri, Oct 15, 2004 at 10:11:47PM +0200, Tonnerre wrote:
>
> What trusted computing revealed is that there is at least amongst some
> companies a desire to be able to dictate what's going on on your
> computer. Think Disney here.
> Tonnerre
>
> PS. I did a module signing patch some years ago. I did a framework. I
> did tests. I got scared of its power. All I say is, take care.
Think about companies deploing binary only drivers for their hardware.
I guess they'd be happy to have a 'feature' like this in the kernel.
We might end up with hardware companies deploying binary only signed
modules for the major distributions (with which they have deals).
We might end up with weird patches from those companies to get their key
into the kernel source in order to be able to load their signed module.
Once a module itself requires this feature in the kernel you don't have
the choice of saying 'No' to this option of compile time and you can't
simply revert this patch anymore as others have suggested.
This patch would give power to those who make binary distributions and
(binary only) modules not to the admin who runs the system.
Only allowing modules to be loaded from a secured area (read only
device, signed 'container' of modules...) and leaving it to the
admin which modules he puts into this area would address all the reasons
for this patch without taking power away from the owner of the system.
Tom
next prev parent reply other threads:[~2004-10-17 20:19 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1096411448.3230.22.camel@localhost.localdomain>
[not found] ` <1092403984.29463.11.camel@bach>
[not found] ` <1092369784.25194.225.camel@bach>
[not found] ` <20040812092029.GA30255@devserv.devel.redhat.com>
[not found] ` <20040811211719.GD21894@kroah.com>
[not found] ` <OF4B7132F5.8BE9D947-ON87256EEB.007192D0-86256EEB.00740B23@us.ibm.com>
[not found] ` <1092097278.20335.51.camel@bach>
[not found] ` <20040810002741.GA7764@kroah.com>
[not found] ` <1092189167.22236.67.camel@bach>
[not found] ` <19388.1092301990@redhat.com>
[not found] ` <30797.1092308768@redhat.com>
[not found] ` <20040812111853.GB25950@devserv.devel.redhat.com>
[not found] ` <20040812200917.GD2952@kroah.com>
[not found] ` <26280.1092388799@redhat.com>
[not found] ` <27175.1095936746@redhat.com>
[not found] ` <30591.1096451074@redhat.com>
[not found] ` <1096544201.8043.816.camel@localhost.localdomain>
2004-10-11 15:11 ` Fw: signed kernel modules? David Howells
2004-10-11 15:15 ` David Woodhouse
2004-10-11 22:34 ` Rusty Russell (IBM)
2004-10-12 8:35 ` David Woodhouse
2004-10-12 19:08 ` Greg KH
2004-10-12 19:16 ` David Howells
2004-10-12 20:43 ` David Howells
2004-10-13 0:20 ` Rusty Russell (IBM)
2004-10-13 8:24 ` David Woodhouse
2004-10-13 0:11 ` Rusty Russell (IBM)
2004-10-13 9:16 ` David Woodhouse
2004-10-13 21:21 ` Rusty Russell (IBM)
2004-10-13 9:24 ` David Howells
2004-10-13 10:42 ` Alan Cox
2004-10-13 22:40 ` Rusty Russell (IBM)
2004-10-14 10:17 ` David Howells
2004-10-15 0:28 ` Rusty Russell (IBM)
2004-10-14 23:44 ` Alan Cox
2004-10-15 1:00 ` Rusty Russell (IBM)
2004-10-13 21:18 ` David Howells
2004-10-13 21:51 ` Roman Zippel
2004-10-14 11:12 ` David Howells
2004-10-14 12:01 ` Roman Zippel
2004-10-14 12:11 ` David Woodhouse
2004-10-14 14:22 ` Roman Zippel
2004-10-14 14:30 ` David Woodhouse
2004-10-14 21:03 ` Roman Zippel
2004-10-14 21:24 ` David Woodhouse
2004-10-14 21:36 ` Roman Zippel
2004-10-14 21:52 ` David Woodhouse
2004-10-14 22:15 ` Roman Zippel
2004-10-14 22:32 ` David Howells
2004-10-14 22:38 ` Roman Zippel
2004-10-14 12:14 ` David Howells
2004-10-14 13:08 ` Richard B. Johnson
2004-10-14 14:18 ` Geert Uytterhoeven
2004-10-14 14:25 ` Richard B. Johnson
2004-10-14 15:40 ` Richard B. Johnson
2004-10-14 15:50 ` Dave Jones
[not found] ` <Pine.LNX.4.61.0410141352590.8479@chaos.analogic.com>
2004-10-14 18:20 ` Dave Jones
2004-10-14 18:30 ` Richard B. Johnson
2004-10-14 18:46 ` Dave Jones
2004-10-14 19:03 ` Richard B. Johnson
2004-10-14 19:41 ` Geert Uytterhoeven
2004-10-14 21:13 ` Dave Jones
2004-10-18 1:56 ` Jon Masters
2004-10-13 23:01 ` Rusty Russell
2004-10-14 11:02 ` David Howells
2004-10-15 0:47 ` Rusty Russell
2004-10-14 18:09 ` David Howells
2004-10-15 11:12 ` Roman Zippel
2004-10-15 12:10 ` Richard B. Johnson
2004-10-15 12:31 ` Josh Boyer
2004-10-15 15:53 ` Gene Heskett
2004-10-15 16:17 ` Josh Boyer
2004-10-15 16:59 ` Richard B. Johnson
2004-10-15 17:08 ` David Woodhouse
2004-10-15 17:35 ` Richard B. Johnson
2004-10-15 20:56 ` Lee Revell
2004-10-15 21:18 ` Greg KH
2004-10-15 21:34 ` Chris Friesen
2004-10-15 22:08 ` Richard B. Johnson
2004-10-18 12:53 ` Richard B. Johnson
2004-10-18 13:53 ` Matthew Garrett
2004-10-18 14:09 ` Richard B. Johnson
2004-10-18 16:33 ` Greg KH
2004-10-18 17:14 ` Richard B. Johnson
2004-10-18 17:28 ` Richard B. Johnson
2004-10-15 17:46 ` Josh Boyer
2004-10-15 20:11 ` Tonnerre
2004-10-17 20:18 ` Thomas Weber [this message]
2004-10-17 20:52 ` Geert Uytterhoeven
2004-10-17 21:25 ` Thomas Weber
2004-10-15 12:48 ` Roman Zippel
2004-10-15 15:51 ` Gene Heskett
2004-10-15 14:01 ` David Woodhouse
2004-10-15 14:28 ` Roman Zippel
2004-10-15 15:54 ` Gene Heskett
2004-10-15 16:33 ` Arjan van de Ven
2004-10-14 18:44 ` Thomas Weber
2004-10-15 15:37 Chuck Ebbert
2004-10-15 16:05 ` Olivier Galibert
[not found] <fa.ghoqtmo.8nqeb0@ifi.uio.no>
[not found] ` <fa.jtpibm5.1l4ki17@ifi.uio.no>
2004-10-17 15:13 ` Bodo Eggert
2004-10-18 11:27 ` Richard B. Johnson
2004-10-23 10:19 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041017201832.GA28859@4t2.com \
--to=l_linux-kernel@mail2news.4t2.com \
--cc=arjanv@redhat.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=gene.heskett@verizon.net \
--cc=greg@kroah.com \
--cc=jdub@us.ibm.com \
--cc=latten@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=root@chaos.analogic.com \
--cc=rusty@au1.ibm.com \
--cc=tonnerre@thundrix.ch \
--cc=zippel@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox