[PATCH v4 00/17] module: Introduce hash-based integrity checking
Eric Biggers
ebiggers at kernel.org
Mon Feb 2 18:47:25 UTC 2026
On Mon, Feb 02, 2026 at 06:38:51PM +0000, David Howells wrote:
> > Could you give more details on this use case and why it needs
> > signatures, as opposed to e.g. loading an additional Merkle tree root
> > into the kernel to add to the set of allowed modules?
>
> Because we don't want to, for example, include all the nvidia drivers in our
> kernel SRPM.
That doesn't answer my question. Are you trying to say these modules
need to be built later *and* signed using the original signing key?
- Eric
More information about the Linux-security-module-archive
mailing list