[PATCH v4 00/17] module: Introduce hash-based integrity checking
David Howells
dhowells at redhat.com
Mon Feb 2 09:21:19 UTC 2026
Eric Biggers <ebiggers at kernel.org> wrote:
> With that being the case, why is there still effort being put into
> adding more features to module signing? I would think efforts should be
> focused on hash-based module authentication, i.e. this patchset.
Because it's not just signing of modules and it's not just modules built with
the kernel. Also a hash table just of module hashes built into the core
kernel image will increase the size of the kernel by around a third of a meg
(on Fedora 43 and assuming SHA512) with uncompressible data.
David
More information about the Linux-security-module-archive
mailing list