List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Fri, Jun 15, 2012 at 8:22 AM, Luca Barbato <email@example.com> wrote:
> If we want to try to get serious on 5, we could try to gather the
> hardened/security people across distributions and setup the whole chain
> to be parallel and cut deals with OEM to store this trust-chain keys
> along with MS.
Perhaps. Since we're only talking about the kernel really and that
doesn't vary as much across distros, we might even be able to get
momentum for it.
You could create a standard "secure kernel" - probably as a patch set
initially but perhaps merged into mainline with a config option that
turns on key verification for loading modules. Anybody could use that
to secure their own systems by using their own key in the
configuration. The central body could prepare and sign binaries for
individual distros. A distro would supply a kernel config file and
patch set and identifier for the upstream kernel to build against.
The central body would audit the patches and config for security,
build the kernel, and sign it, assessing a fee perhaps (likely cheap
for config-only, and expensive for extensive patches). The costs need
not be all that high - if you assume that vanilla linux with the
config option turned on is good enough then you only have to check
that the option is set, blacklist "bad" settings, and verify patches.
They could revoke certs when security issues are found, by keeping a
history of what configs/versions got signed.
Users could load the signing key of this body into their custom
settings, or OEMs could be persuaded to include it. The latter would
never be 100% effective unless a court ordered it.