On Wed, 14 Feb 2007 22:14:53 PST, Andreas Gruenbacher said: > I agree, that's really what should happen. We solve this by marking modules as > supported, partner supported, or unsupported, but in an "insecure" way, so > partners and users could try to fake the support status of a module and/or > remove status flags from Oopses, and cryptography wouldn't save us. Where cryptography *can* save you is that a partner or user can't fake a 'Suse Supported' signature without access to the Suse private key.
Attachment:
pgpejV5RmyF4J.pgp
Description: PGP signature
- Follow-Ups:
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
- From: Andreas Gruenbacher <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
- References:
- [PATCH 0/6] MODSIGN: Kernel module signing
- From: David Howells <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
- From: Andreas Gruenbacher <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
- From: Dave Jones <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
- From: Andreas Gruenbacher <[email protected]>
- [PATCH 0/6] MODSIGN: Kernel module signing
- Prev by Date: Re: [PATCH] serial driver PMC MSP71xx, kernel linux-mips.git master
- Next by Date: Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers
- Previous by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
- Next by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
- Index(es):
 |