From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <luto@amacapital.net>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 2330894D
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Tue,  2 Aug 2016 18:56:18 +0000 (UTC)
Received: from mail-ua0-f177.google.com (mail-ua0-f177.google.com
	[209.85.217.177])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 873C017F
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Tue,  2 Aug 2016 18:56:14 +0000 (UTC)
Received: by mail-ua0-f177.google.com with SMTP id 35so136113140uap.1
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Tue, 02 Aug 2016 11:56:14 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CALCETrXWVTmbuUa-d7EH2kGRZM+HCiqje11AqxWm7ntd5fjLDg@mail.gmail.com>
References: <1469631987.27356.48.camel@HansenPartnership.com>
	<20150804152622.GY30479@wotan.suse.de>
	<1468612258.5335.0.camel@linux.vnet.ibm.com>
	<1468612671.5335.5.camel@linux.vnet.ibm.com>
	<20160716005213.GL30372@sirena.org.uk>
	<1469544138.120686.327.camel@infradead.org>
	<14209.1469636040@warthog.procyon.org.uk>
	<1469636881.27356.70.camel@HansenPartnership.com>
	<1469637367.27356.73.camel@HansenPartnership.com>
	<1469648220.23563.15.camel@linux.vnet.ibm.com>
	<CALCETrXWVTmbuUa-d7EH2kGRZM+HCiqje11AqxWm7ntd5fjLDg@mail.gmail.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Tue, 2 Aug 2016 11:55:52 -0700
Message-ID: <CALCETrXPq3f6bH16i1cGWmkAapNvF6eQZtUx=CAZYEF8jVd7eQ@mail.gmail.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Content-Type: text/plain; charset=UTF-8
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
	Mark Brown <broonie@sirena.org.uk>,
	"ksummit-discuss@lists.linuxfoundation.org"
	<ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] Last minute nominations: mcgrof and toshi
List-Id: <ksummit-discuss.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/ksummit-discuss>,
	<mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/>
List-Post: <mailto:ksummit-discuss@lists.linuxfoundation.org>
List-Help: <mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss>,
	<mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=subscribe>

On a related topic: last year or so, I argued that
CONFIG_MODULE_SIG_ALL and, more generally, the idea that in-tree
modules should be signed, is a suboptimal design.  Instead, I think
that the kernel shoud just learn to recognize its in-tree modules by
hash.  This would allow reproducible builds, get rid of the
autogenerated key, and would allow distros that don't support binary
modules to avoid needing the asymmetric key infrastructure at all (for
modules, anyway -- firmware is a different story.  But a firmware
signing key doesn't interfere with the kernel build process the way
that an in-tree module signing key does.)

On the theory that code speaks louder than vitriol, I decided to try
to implement it.  The actual code is trivial (I expect under 50 lines
*total* for the compile-time and run-time parts together), but
convincing make to build the thing is a real pain in the arse.

So expect code from me before KS unless I really get stuck fighting
kbuild.  And, unless anyone objects, I intend to propose that we
delete CONFIG_MODULE_SIG_ALL entirely once this thing works.

--Andy