Re: [GIT PULL] Load keys from signed PE binaries

From: Linus Torvalds
Date: Thu Feb 21 2013 - 13:57:03 EST

Next message: Rado Vrbovsky: "Re: [PATCH] ata_piix: Add MODULE_PARM_DESC to prefer_ms_hyperv"
Previous message: Stephen Warren: "Re: [PATCH 1/1] memory: tegra_ahb_enable_smmu() depends on TEGRA_IOMMU_SMMU"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 21, 2013 at 10:34 AM, Peter Jones <pjones@xxxxxxxxxx> wrote:
> On Thu, Feb 21, 2013 at 10:25:47AM -0800, Linus Torvalds wrote:
>> - why do you bother with the MS keysigning of Linux kernel modules to
>> begin with?
>
> This is not actually what the patchset implements. All it's done here
> is using PE files as envelopes for keys. The usage this enables is to
> allow for whoever makes a module (binary only or merely out of tree for
> whatever reason) to sign it and vouch for it themselves. That could
> include, for example, a systemtap module.

Umm. And which part of "We already support that, using standard X.509
certificates" did we suddenly miss?

So no. The PE file thing makes no sense what-so-ever. What you mention
we can already do, and we already do it *better*.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rado Vrbovsky: "Re: [PATCH] ata_piix: Add MODULE_PARM_DESC to prefer_ms_hyperv"
Previous message: Stephen Warren: "Re: [PATCH 1/1] memory: tegra_ahb_enable_smmu() depends on TEGRA_IOMMU_SMMU"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]