[PATCH v4 00/17] module: Introduce hash-based integrity checking
David Howells
dhowells at redhat.com
Sun Feb 1 17:09:48 UTC 2026
Mihai-Drosi Câju <mcaju95 at gmail.com> wrote:
> > The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds. Either the module signing key
> is generated at build time, which makes the build unreproducible, or a
> static signing key is used, which precludes rebuilds by third parties
> and makes the whole build and packaging process much more complicated.
There is another issue too: If you have a static private key that you use to
sign modules (and probably other things), someone will likely give you a GPL
request to get it.
One advantage of using a transient key every build and deleting it after is
that no one has the key.
One other thing to remember: security is *meant* to get in the way. That's
the whole point of it.
However, IANAL.
David
More information about the Linux-security-module-archive
mailing list