[PATCH v4 00/17] module: Introduce hash-based integrity checking

Eric Biggers ebiggers at kernel.org
Mon Feb 2 18:30:55 UTC 2026


On Mon, Feb 02, 2026 at 09:21:19AM +0000, David Howells wrote:
> Eric Biggers <ebiggers at kernel.org> wrote:
> 
> > With that being the case, why is there still effort being put into
> > adding more features to module signing?  I would think efforts should be
> > focused on hash-based module authentication, i.e. this patchset.
> 
> Because it's not just signing of modules

Module signing is indeed about the signing of modules.

> and it's not just modules built with the kernel.

Could you give more details on this use case and why it needs
signatures, as opposed to e.g. loading an additional Merkle tree root
into the kernel to add to the set of allowed modules?

> Also a hash table just of module hashes built into the core
> kernel image will increase the size of the kernel by around a third of a meg
> (on Fedora 43 and assuming SHA512) with uncompressible data.

This patchset already optimizes it to use Merkle tree proofs instead.
While I'm a bit skeptical of the complexity myself (and distros
shouldn't be shipping such an excessively large number of modules in the
first place), if it's indeed needed it's already been solved.  It's
still much simpler than the PKCS#7 signature mess.

- Eric
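
The trade-off discussed in this message, as an added example that is not part of the original email and is not the patchset's code or on-disk format: the image embeds only a Merkle root, each module carries a short proof, and a second root can be added to admit another module set. The leaf/node prefixes, odd-node promotion, proof encoding, and sample module names are assumptions made for illustration.

```python
import hashlib

def leaf_hash(module: bytes) -> bytes:
    # 0x00/0x01 prefixes keep leaf and interior hashes in separate domains.
    return hashlib.sha512(b"\x00" + module).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha512(b"\x01" + left + right).digest()

def build_levels(modules):
    """Return every tree level, leaves first, root last."""
    levels = [[leaf_hash(m) for m in modules]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def make_proof(levels, index):
    """Build time: sibling hashes on the path from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(module, proof, trusted_roots):
    """Load time: recompute the root from the module bytes and its proof."""
    h = leaf_hash(module)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h in trusted_roots

# Constructed sample data: stand-ins for module binaries.
IN_TREE = [b"module-%d" % i for i in range(5)]
OUT_OF_TREE = [b"vendor-module-%d" % i for i in range(3)]
in_levels, oot_levels = build_levels(IN_TREE), build_levels(OUT_OF_TREE)
trusted_roots = {in_levels[-1][0]}  # the only hash built into the image

if __name__ == "__main__":
    p = make_proof(in_levels, 4)
    print(verify(IN_TREE[4], p, trusted_roots))      # module in the built-in tree
    print(verify(b"tampered", p, trusted_roots))     # modified module bytes
    q = make_proof(oot_levels, 1)
    print(verify(OUT_OF_TREE[1], q, trusted_roots))  # its root is not trusted yet
    print(verify(OUT_OF_TREE[1], q, trusted_roots | {oot_levels[-1][0]}))
```

The embedded data stays at one 64-byte SHA-512 root per module set regardless of module count, while each proof grows only with the tree depth.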


