Re: Compatibility between kernel and modules
On Thu, 15 Dec 2022 11:10:52AM +0000, Luca Boccassi wrote:
> On Sat, Dec 10, 2022 at 02:27:12PM +0100, Bastian Blank wrote:
>> If we go with the last option we would have also some direct advantages.
>> We could stop signing modules with the secure boot key, but use a
>> temporary key. This would for a system with signature checking enabled
>> effectively trash all possibilities to load modules for a different
>> kernel build.
>> What should we do?
> +1 on using the ephemeral key from me, those advantages seem to
> outweight the drawbacks. It should be possible, in theory, to teach
> diffoscope to ignore the embedded ephemeral public key in the kernel
> image when comparing builds?
Would using a multi-stage module-signing approach[1] help? (if I
understand correctly, the embedded certificate material should be
static and thus reproducible)
[1] - https://www.kernel.org/doc/html/v6.1/kbuild/reproducible-builds.html#module-signing
(note: apologies for the lack of an in-reply-to email header on this
message. I'm not subscribed to the list but wanted to add a reply,
and couldn't figure out how to set that header manually in the email
client I'm using)
Reply to: