Bastien Nocera <bnoc...@redhat.com> writes:

>> > If you are creating a cert to sign the out-of-tree modules and expect
>> > it to be accepted by the kernel, it cannot be ephemeral.  A user would
>> > need some way to import it into their kernel or have it passed from
>> > grub.  [...]
>> 
>> That just proves that Restricted Boot and especially our implementation of
>> it (requiring kernel modules to be signed) is a very bad thing.
>
> How do you expect to be able to ensure that the kernel only loads "known good"
> modules if you can insert random modules that might subvert SecureBoot and
> all that it allows to secure?

For systemtap on secureboot systems, we rely on Machine Owner Keys.
These keys are generated once.  The public half is put into UEFI via
mokutil and a reboot.  The private half is held at another trusted
machine.  Then that machine can sign modules with the MOK key and have
normal Fedora kernels/shims accept them.

- FChE
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
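
The Machine Owner Key workflow described in the reply above, sketched as an added example (not part of the original message and not systemtap's own tooling). The function names, the `MOK.priv`/`MOK.der` file names and the kernel build tree argument are assumptions; `gen_mok` and `sign_module` run on the trusted signing machine, while `enroll_mok`, `show_state` and `show_signer` run on the Secure Boot machine.

```shell
#!/bin/sh
# Added example: MOK workflow split between a signing host and a target.
# MOK.priv / MOK.der and all function names are illustrative assumptions.

# Signing host: generate the key pair once. umask 077 keeps the private
# key owner-only; only MOK.der (the public half) is copied to the target.
gen_mok() (  # $1 = key directory, $2 = certificate common name
    umask 077
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=$2" -keyout "$1/MOK.priv" \
        -outform DER -out "$1/MOK.der"
)

# Target (as root): queue the public half for enrollment. mokutil asks for
# a one-time password that MokManager requests again on the next reboot.
enroll_mok() {  # $1 = MOK.der copied from the signing host
    mokutil --import "$1"
}

# Target, after the reboot: confirm Secure Boot state and enrolled keys.
show_state() {
    mokutil --sb-state
    mokutil --list-enrolled
}

# Signing host: sign a built module with the kernel's sign-file helper.
# $3 is the kernel build tree (on Fedora, typically the kernel-devel
# directory /usr/src/kernels/<version>).
sign_module() {  # $1 = key directory, $2 = module.ko, $3 = build tree
    "$3/scripts/sign-file" sha256 "$1/MOK.priv" "$1/MOK.der" "$2"
}

# Either machine: print which key signed the module before loading it.
show_signer() {  # $1 = module.ko
    modinfo -F signer "$1"
}

# Optional dispatch, e.g.: sh mok.sh gen_mok /root/mok "Example MOK"
if [ $# -gt 0 ]; then "$@"; fi
```

Because the private key stays on the signing host, a compromise of the Secure Boot machine does not let an attacker sign further modules.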
