Bug#1064839: Consider not using an ephemeral key or document its security model
Source: linux
Severity: normal
X-Debbugs-Cc: jak@debian.org
In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040901 I asked you
to switch to an ephemeral key which was a misunderstanding from a
discussion with xnox, which we still need to sort out fully.
Please either document how the buildds ensure that
- private key generation has enough, and high quality enough, entropy
- private keys are safely erased after not being needed anymore
or revert to signing modules with the CA key and use MODVERSIONS
and co to ensure that modules built for one ABI cannot be used
with another.
I need to update the question in shim-review accordingly, I think
I never reverted it or adjusted it, but it will likely take the
form of the previous three paragraphs.
I sincerely apologize for causing this misunderstanding.
-- System Information:
Debian Release: trixie/sid
APT prefers noble
APT policy: (500, 'noble'), (500, 'mantic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.8.0-11-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
Reply to: