On Wed, 2016-08-03 at 09:46 -0700, Andy Lutomirski wrote:
[...]
> And it gets rid of the IMO extremely nasty temporary key.  I
> personally think that reproducible builds would add considerable value
> to many use cases, and we currently can't simultaneously support
> reproducible builds and Secure Boot without a big mess involving
> trusted parties, and the whole point of reproducible builds is to
> avoid needed to trust the packager.
[...]

You need that trusted party to supply a signature for the kernel, so
why is it so much worse to have them do that for the modules as well?

As you may be aware, I'm dealing with this in Debian by putting
detached signatures into the source package that builds signed
binaries.  The two package build processes are each reproducible (aside
from a recently discovered dependence on whether /bin/sh is bash or
dash).

Ben.

-- 

Ben Hutchings
Nothing is ever a complete failure; it can always serve as a bad
example.