Hi Thomas, On Tue, May 05, 2026 at 11:05:04AM +0200, Thomas Weißschuh wrote: > The current signature-based module integrity checking has some drawbacks > in combination with reproducible builds. Either the module signing key > is generated at build time, which makes the build unreproducible, or a > static signing key is used, which precludes rebuilds by third parties > and makes the whole build and packaging process much more complicated. > > The goal is to reach bit-for-bit reproducibility. Excluding certain > parts of the build output from the reproducibility analysis would be > error-prone and force each downstream consumer to introduce new tooling. > > Introduce a new mechanism to ensure only well-known modules are loaded > by embedding a merkle tree root of all modules built as part of the full > kernel build into vmlinux.
I noticed Sashiko had a few concerns about the build changes. Would you mind taking a look to see if they're valid? https://sashiko.dev/#/patchset/20260505-module-hashes-v5-0-e174a5a49fce%40weissschuh.net Sami
