On Thu, Feb 21, 2013 at 10:03:20AM -0800, Linus Torvalds wrote: > Seriously, if somebody wants to make a binary module for Fedora 18 or > whatever, they should go to Red Hat and ask whether RH is willing to > sign their key. And the whole "no, we only think it makes sense to > trust MS keys" argument is so f*cking stupid that if somebody really > brings that up, I can only throw my hands up and say "whatever".
MS have infrastructure to do identity verification and actually run some kind of vaguely responsible CA, and I don't trust Red Hat to be able to do that. And if the machine's carrying Microsoft's key in its firmware then you *already* trust Microsoft, because if the bad guy can get something signed by them then he's already just replaced your bootloader instead of pissing about inserting modules. Using the hardware keys as the root of trust makes practical sense. > Besides, let's face it, Red Hat is going to sign the official nVidia > and AMD binary modules anyway. Don't even bother to pretend anything > else. I don't think there's any chance of them signing modules. But it's a given that RHEL's going to end up trusting keys owned by nvidia and amd somehow, and chances are that's going to be based on the Microsoft signing service. The question is whether there's a benefit in ensuring that the same key is trusted by RHEL, Ubuntu, Suse and everyone else or whether different kernels are going to have completely different policies. -- Matthew Garrett | mj...@srcf.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
