On Tue, 2016-06-07 at 19:06 +0100, Ben Hutchings wrote: > On Sun, 2016-05-29 at 13:38 +0100, Ben Hutchings wrote: > [...] > > So I think I have to abandon my current approach and instead do one of: > > > > 1. Attach module signatures at installation time, in a subdirectory. > > Change kmod to prefer this subdirectory (this is purely a > > configuration change). It would also be possible to check during > > installation that signatures match the installed unsigned modules, > > and if not then abort and leave any older signed modules in place. > > > > 2. Attach module signatures at package build time, making the > > linux-image-signed packages provide/conflict/replace the > > corresponding linux-image packages. For architectures with > > signed modules, udebs would be built from linux-signed and not > > from linux. > [...] > > I'm now implementing the second approach above. That's now done, in version 1.1, uploaded to unstable today. [...] > I think there are three steps left:: > > 1. Move udeb generation for configurations with module signing enabled > from linux to linux-signed. (This is in progress.) Now implemented on the benh/udebsig branches. > 2. (Optional) Remove the '-signed' suffix from signed packages and add > a '-unsigned' suffix to unsigned linux-image packages built with > module signing enabled. Adjust the Conflicts/Replaces/Provides > fields accordingly. I intend to implement steps 1 and 2 in the next upload to experimental. > 3. Change the signing script to use an HSM. This is still TBD. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo.
Attachment:
signature.asc
Description: This is a digitally signed message part