Re: [PATCH 0/6] MODSIGN: Kernel module signing

On Thu, Feb 15, 2007 at 03:55:41PM -0500, [email protected] wrote:
> On Wed, 14 Feb 2007 23:13:45 EST, Dave Jones said:
> > One argument in its favour is aparently Red Hat isn't the only vendor
> > with something like this.  I've not investigated it, but I hear rumours
> > that suse has something similar.  Having everyone using the same code
> > would be a win for obvious reasons.
> 
> Another argument in its favor is that it actually allows the kernel to
> implement *real* checking of module licenses and trumps all the proposals
> to deal with MODULE_LICENSE("GPL\0Haha!").  A vendor (or user) that wants
> to be *sure* that only *really really* GPL modules are loaded can simply
> refuse to load unsigned modules - and then refuse to sign a module until
> after they had themselves visited the source's website, verified that the
> source code was available under GPL, and so on.
> 
> Remember - the GPL is about the availability of the source.  And at modprobe
> time, the source isn't available.  So you're left with two options:
> 
> 1) Trust the binary to not lie to you about its license.
> 2) Ask a trusted 3rd party (usually, the person/distro that built the kernel)
> whether they've verified the claim that it's really GPL.

There are different opinions whether the "complete source code" of the 
GPLv2 includes in such cases public keys, making it questionable whether 
your example will survive at court in all jurisdictions.

E.g. remember that gpl-violations.org has already successfully enforced 
the publication of public keys for "firmware only loads signed kernels" 
cases by threatening companies to otherwise take legal actions in 
Germany.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH 0/6] MODSIGN: Kernel module signing
    • From: [email protected]

• References:
  • [PATCH 0/6] MODSIGN: Kernel module signing
    • From: David Howells <[email protected]>
  • Re: [PATCH 0/6] MODSIGN: Kernel module signing
    • From: Andrew Morton <[email protected]>
  • Re: [PATCH 0/6] MODSIGN: Kernel module signing
    • From: Dave Jones <[email protected]>
  • Re: [PATCH 0/6] MODSIGN: Kernel module signing
    • From: [email protected]

• Prev by Date: Re: [PATCH 0/6] MODSIGN: Kernel module signing
• Next by Date: Re: [PATCH] local_t : powerpc extension - use long for powerpc32
• Previous by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
• Next by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]