KS2012: Module signing
Posted Sep 7, 2012 5:58 UTC (Fri) by alonz
Parent article: KS2012: Module signing
For binary modules, such as the NVIDIA graphics drivers, users would have to add the NVIDIA public key to the kernel ring, Peter Jones said.
And has anyone proposed a secure method to do this magic?
Just permitting the user (or even root) to add arbitrary public keys to the kernel key ring would basically compromise the entire mechanism – it allows the user to load any code (as the key can be one he has just generated on the spot to sign his malware).
Of course, the issue only arises in the full secure-boot scenario, so maybe there we would just block the adding of additional public keys (and thus totally block binary modules).
to post comments)