Hi Mihai-Drosi, thanks for taking an interest into these patches!
On 2026-01-31 09:36:36+0200, Mihai-Drosi Câju wrote: > > The current signature-based module integrity checking has some drawbacks > > in combination with reproducible builds. Either the module signing key > > is generated at build time, which makes the build unreproducible, or a > > static signing key is used, which precludes rebuilds by third parties > > and makes the whole build and packaging process much more complicated. > > I think there is a middle ground where the module signing key is generated > using a key derivation function that has as an input a deterministic value > on the build host, such as /etc/machine-id . The problem with this approach > is that only hosts knowing the value will be able to reproduce the build. The goal is to make the distro kernel packages rebuildable by the general public. Any involvement of secret values will break this goal. > Maybe this is a solution to NixOS secret management? Introduce minimal > impurity as a cryptographic seed and derive the rest of the secrets using > something like Argon2(seed, key_uuid). I am not familiar with NixOS and its secret management. This patchset serves a wider audience. > There might be another approach to code integrity rather than step-by-step > reproducibility. One may exploit the very cryptographic primitives that make > reproducibility hard to ensure that reproducibility is most likely valid. > > For example, the module signing issue, the build host publishes four > artifacts: > * The source-code > * The compiled and signed binary > * The build environment > * Its public key > > Now, we don't need to sign with the private key to know that building the > source > code using the specific build environment and signing the result with the > private > key will result in the claimed binary. We can just compile and verify with the > public key. This could work if the goal is only to verify the reproducibility of a single, signed-en-bloc artifact. But we also need to handle vmlinux which contains the corresponding public key. It would need different handling. We can add some special logic to strip that public key before comparision. But then vmlinux might be compressed or wrapped in some other format. Another whole collection of special logic. (...) Thomas
