LWN: Comments on "Loading signed kernel modules"
https://lwn.net/Articles/470906/
This is a special feed containing comments posted to the individual LWN article titled "Loading signed kernel modules".
Mon, 17 Nov 2025 12:56:09 +0000

raven667 (Thu, 23 Feb 2012 00:45:09 +0000)
https://lwn.net/Articles/483128/

The GPLv2 and Linux definitely don't require that, as Linux is used in locked-down devices all the time. The GPLv3 doesn't specifically require sharing of keys, afaik, but it does require there be a method to replace the shipping software with a modified version. That can be done by any method such as replaceable keys, disabling of signature checking, etc.

Zizzle (Wed, 22 Feb 2012 21:20:25 +0000)
https://lwn.net/Articles/483085/

Does the GPL mean that the secret keys have to be publicly available for the vendor kernels?

jwboyer (Fri, 09 Dec 2011 19:29:32 +0000)
https://lwn.net/Articles/471506/

Small nit. Fedora doesn't include or use the module signing patches. That is RHEL only.

rusty (Fri, 09 Dec 2011 11:20:35 +0000)
https://lwn.net/Articles/471440/

He'd have more chance of upstreaming if he CC'd the module maintainer. Well, maybe less in this case. But still, grr...

epa (Thu, 08 Dec 2011 13:52:37 +0000)
https://lwn.net/Articles/471192/

Or else the modules could be built into the kernel image, perhaps as a static read-only ramdisk. Then the kernel will only load modules from this ramdisk and nowhere else. Then there is no need for hash functions either.

josh (Thu, 08 Dec 2011 07:39:27 +0000)
https://lwn.net/Articles/471089/

That approach would work equally well, insofar as root can replace the set of hashes as easily as the set of public keys. It doesn't work well if the vendor wants to supply out-of-tree modules, since the kernel won't have the hashes of those modules, compared to just signing those modules with the appropriate vendor key. But for the most part it would work fine, and remove a pile of more complex crypto code from the kernel.

idupree (Thu, 08 Dec 2011 06:51:37 +0000)
https://lwn.net/Articles/471075/

What if one just wanted to embed into a kernel binary a fixed list of modules that could be loaded? Hypothetically, one could build a kernel with some modules, embed all those modules' SHA-256 hashes in the kernel, and use no public-key cryptography. Has anyone contemplated this as a use-case? (I can see pros and cons of my naive thought, but I'm sure a kernel/crypto expert can see better!)