Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-02-04 Thread Thomas Weißschuh
On 2025-02-03 14:14:41+0100, Christian Heusel wrote:
> Hey Thomas,
>
> On 25/01/20 06:44PM, Thomas Weißschuh wrote:
> > Thomas Weißschuh (6):
> > kbuild: add stamp file for vmlinux BTF data
> > module: Make module loading policy usable without MODULE_SIG
> > module: Move integrit

Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-02-03 Thread Christian Heusel
Hey Thomas,
On 25/01/20 06:44PM, Thomas Weißschuh wrote:
> Thomas Weißschuh (6):
> kbuild: add stamp file for vmlinux BTF data
> module: Make module loading policy usable without MODULE_SIG
> module: Move integrity checks into dedicated function
> module: Move lockdown chec

Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-01-25 Thread Câju Mihai-Drosi
On 1/20/25 19:44, Thomas Weißschuh wrote: The current signature-based module integrity checking has some drawbacks in combination with reproducible builds: Either the module signing key is generated at build time, which makes the build unreproducible, or a static key is used, which precludes rebu

Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-01-21 Thread Roberto Sassu
On Tue, 2025-01-21 at 13:58 +0100, Thomas Weißschuh wrote:
> Hi Roberto,
>
> On 2025-01-21 11:26:29+0100, Roberto Sassu wrote:
> > On Mon, 2025-01-20 at 18:44 +0100, Thomas Weißschuh wrote:
> > > The current signature-based module integrity checking has some drawbacks
> > > in combination with rep

Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-01-21 Thread Thomas Weißschuh
Hi Roberto,
On 2025-01-21 11:26:29+0100, Roberto Sassu wrote:
> On Mon, 2025-01-20 at 18:44 +0100, Thomas Weißschuh wrote:
> > The current signature-based module integrity checking has some drawbacks
> > in combination with reproducible builds:
> > Either the module signing key is generated at bui

Re: [PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-01-21 Thread Roberto Sassu
On Mon, 2025-01-20 at 18:44 +0100, Thomas Weißschuh wrote:
> The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds:
> Either the module signing key is generated at build time, which makes
> the build unreproducible, or a static key is use

[PATCH v2 0/6] module: Introduce hash-based integrity checking

2025-01-20 Thread Thomas Weißschuh
The current signature-based module integrity checking has some drawbacks in combination with reproducible builds: Either the module signing key is generated at build time, which makes the build unreproducible, or a static key is used, which precludes rebuilds by third parties and makes the whole bu