Hey,

Jeremy Stanley:
> Okay, so for systems to which a malicious party may gain physical
> access (or remote console access) there's sort of a third risk this
> addresses. A special case of the second risk really. *If* you're
> also encrypting the filesystem on which that signing key resides
> (via LUKS or similar) then this might keep you safe from someone
> with access to replace the kernel or initrd on the unencrypted boot
> partition... but only if they can't unlock the decryption key for
> the FS which holds the signing key of course.

In my eyes this is the most common real-world scenario that you want to protect against. It's a real threat both for laptops that are left alone for longer periods as well as servers hosted in a data center that you don't control.

At the same time third-party kernel modules unfortunately still are a thing (virtualbox being the most infamous one in my experience as well), so providing a simple solution to auto-sign the built modules would certainly be of help.

Cheers
jonas
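As an added example (not part of the mail or the project under discussion), the check an auto-signing hook for third-party modules would want before and after signing: parse the signature trailer that the kernel's scripts/sign-file appends to a .ko and report modules that lack one. The trailer layout (signature bytes, a 12-byte struct module_signature, the 28-byte magic string) follows the kernel's include/linux/module_signature.h; the helper that builds a dummy trailer is constructed for demonstration only.

```python
"""Check whether Linux kernel modules (.ko) carry an appended signature.

Added example, not from the original mail: it parses the trailer that
scripts/sign-file appends (raw signature, 12-byte struct module_signature,
28-byte magic) so a build script can spot modules that still need signing.
"""
import struct
from pathlib import Path

MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# three pad bytes, then sig_len as a big-endian u32.
SIG_INFO = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2  # sign-file's default: PKCS#7 blob, other fields zero

def parse_module_signature(data: bytes):
    """Return a dict describing the appended signature, or None if absent."""
    if not data.endswith(MAGIC):
        return None
    body = data[:-len(MAGIC)]
    if len(body) < SIG_INFO.size:
        return None
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = SIG_INFO.unpack(
        body[-SIG_INFO.size:])
    payload = body[:-SIG_INFO.size]
    total = signer_len + key_id_len + sig_len
    if total > len(payload):
        return None  # trailer claims more bytes than the file holds
    return {
        "id_type": id_type,
        "pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        "signature": payload[len(payload) - sig_len:],
        "module_len": len(payload) - total,
    }

def append_fake_signature(module: bytes, sig: bytes) -> bytes:
    """Constructed helper: append a trailer in sign-file's layout.

    `sig` is dummy bytes, not a real PKCS#7 signature, so this shows the
    format only; real signing is done by scripts/sign-file with a key.
    """
    info = SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig))
    return module + sig + info + MAGIC

def unsigned_modules(paths):
    """Yield paths of modules lacking a parsable appended signature."""
    for p in paths:
        if parse_module_signature(Path(p).read_bytes()) is None:
            yield str(p)
```

Presence of a trailer only shows the module was signed by something; whether the kernel accepts it still depends on the signing key being enrolled (MOK or built-in keyring).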