Just strip the signature before comparing the rebuilt artifacts?
Just strip the signature before comparing the rebuilt artifacts?
Posted Mar 8, 2025 0:44 UTC (Sat) by bluca (subscriber, #118303)In reply to: Just strip the signature before comparing the rebuilt artifacts? by Cyberax
Parent article: Hash-based module integrity checking
No, it really is not - it's made-up nonsense that fails to solve a problem that doesn't exist while at the same time making everything worse on all aspects. But nice try.
Posted Mar 8, 2025 0:48 UTC (Sat)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
First, not _everyone_ needs or wants the kernel signatures. I don't need them, I have enrolled my own keys into the Secure Boot. But I for sure want to have a guarantee that my kernel was indeed built from the supplied sources. Ideally integrated into the package management system.
In my scenario, I just won't bother installing the non-reproducible signature packages. They can even be put into a separate package repository, actually (like it's done with non-free right now).
Posted Mar 9, 2025 20:03 UTC (Sun)
by k3ninho (subscriber, #50375)
[Link] (2 responses)
K3n.
Posted Mar 10, 2025 8:28 UTC (Mon)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Posted Mar 12, 2025 13:45 UTC (Wed)
by surajm (subscriber, #135863)
[Link]
Just strip the signature before comparing the rebuilt artifacts?
Just strip the signature before comparing the rebuilt artifacts?
Just strip the signature before comparing the rebuilt artifacts?
Just strip the signature before comparing the rebuilt artifacts?