On 2025-01-23 00:28:40+0100, kpcyrd wrote:
> Thanks for reaching out, also your work on this is much appreciated and
> followed with great interest. <3
>
> On 1/20/25 6:44 PM, Thomas Weißschuh wrote:
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index
> > effe1db02973d4f60ff6cb
Hi Petr,
On 2025-02-03 15:22:54+0100, Petr Pavlu wrote:
> On 1/20/25 18:44, Thomas Weißschuh wrote:
> > The current signature-based module integrity checking has some drawbacks
> > in combination with reproducible builds:
> > Either the module signing key is generated at build time, which makes
>
On 1/20/25 18:44, Thomas Weißschuh wrote:
> The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds:
> Either the module signing key is generated at build time, which makes
> the build unreproducible, or a static key is used, which preclude
Hi!
Thanks for reaching out, also your work on this is much appreciated and
followed with great interest. <3
On 1/20/25 6:44 PM, Thomas Weißschuh wrote:
diff --git a/kernel/module/main.c b/kernel/module/main.c
index
effe1db02973d4f60ff6cbc0d3b5241a3576fa3e..094ace81d795711b56d12a2abc75ea3544
The current signature-based module integrity checking has some drawbacks
in combination with reproducible builds:
Either the module signing key is generated at build time, which makes
the build unreproducible, or a static key is used, which precludes
rebuilds by third parties and makes the whole bu
