Andy Lutomirski <[email protected]> wrote:

> The actual runtime code needed to implement a hash tree solution is
> maybe twenty lines.  The bzImage will be smaller,

But the initramfs image will be bigger because it will have to carry the
entire module hash list just in case any particular module needs to get loaded
from the initramfs.  You have to carry the entire hash set so that you can
hash it and compare against the one hash in the vmlinux file.

And that doesn't include the issue of hashing the firmware blobs you might
need.

> With your proposal, I need to trust that whoever built the actual
> running kernel image really did throw away the key.  If they didn't,
> then under whatever threat model requires that I enable module
> verification, I'm screwed -- the bad guy has the private key.

Each private key is used for one single kernel, so if they steal one, you can
blacklist it if you have the capability (e.g. UEFI) and change your kernel.

David
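As an added illustration of the two schemes argued over above (example code, not from this thread or the kernel tree): a flat hash list, where the initramfs must ship every module digest so the verifier can recompute the single hash embedded in vmlinux, beside a Merkle tree, where loading one module needs only that module's sibling path. Module contents and names are constructed sample data.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Constructed stand-ins for the .ko files an initramfs might carry.
MODULES = {f"mod{i}.ko": f"module body {i}".encode() for i in range(8)}

# Scheme 1: flat hash list. vmlinux embeds ONE hash taken over the whole
# list, so the initramfs has to ship the whole list to make use of it.
def build_hash_list(modules):
    digests = [h(modules[name]) for name in sorted(modules)]
    return digests, h(b"".join(digests))

def verify_with_list(module_data, hash_list, vmlinux_hash):
    # Recomputing the embedded hash needs every entry: a partial list
    # (or one with an extra entry smuggled in) fails this check.
    if h(b"".join(hash_list)) != vmlinux_hash:
        return False
    return h(module_data) in hash_list

# Scheme 2: Merkle tree. vmlinux embeds the root; verifying one module
# needs only its sibling path, about log2(n) digests.
def merkle_root(level):
    if len(level) == 1:
        return level[0]
    if len(level) % 2:                  # duplicate last node on odd levels
        level = level + [level[-1]]
    return merkle_root([h(level[i] + level[i + 1])
                        for i in range(0, len(level), 2)])

def merkle_proof(level, index):
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((index & 1, level[index ^ 1]))  # (is right child?, sibling)
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def verify_with_proof(module_data, proof, vmlinux_root):
    node = h(module_data)
    for is_right, sibling in proof:
        node = h(sibling + node) if is_right else h(node + sibling)
    return node == vmlinux_root

def bytes_shipped_per_load(modules):
    # Digest bytes the initramfs must carry to verify a single module.
    digests, _ = build_hash_list(modules)
    return {"hash_list": 32 * len(digests),
            "merkle_path": 32 * len(merkle_proof(digests, 0))}
```

Neither scheme covers firmware blobs unless their digests are added to the same list or tree, which is the separate cost raised above.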