From: Sami Tolvanen <samitolvanen@google•com>
To: "Thomas Weißschuh" <linux@weissschuh•net>
Cc: "Alexei Starovoitov" <ast@kernel•org>,
"Daniel Borkmann" <daniel@iogearbox•net>,
"Andrii Nakryiko" <andrii@kernel•org>,
"Eduard Zingerman" <eddyz87@gmail•com>,
"Kumar Kartikeya Dwivedi" <memxor@gmail•com>,
"Nathan Chancellor" <nathan@kernel•org>,
"Nicolas Schier" <nsc@kernel•org>,
"Arnd Bergmann" <arnd@arndb•de>,
"Luis Chamberlain" <mcgrof@kernel•org>,
"Petr Pavlu" <petr.pavlu@suse•com>,
"Daniel Gomez" <da.gomez@samsung•com>,
"Paul Moore" <paul@paul-moore•com>,
"James Morris" <jmorris@namei•org>,
"Serge E. Hallyn" <serge@hallyn•com>,
"Jonathan Corbet" <corbet@lwn•net>,
"Madhavan Srinivasan" <maddy@linux•ibm.com>,
"Michael Ellerman" <mpe@ellerman•id.au>,
"Nicholas Piggin" <npiggin@gmail•com>,
"Naveen N Rao" <naveen@kernel•org>,
"Mimi Zohar" <zohar@linux•ibm.com>,
"Roberto Sassu" <roberto.sassu@huawei•com>,
"Dmitry Kasatkin" <dmitry.kasatkin@gmail•com>,
"Eric Snowberg" <eric.snowberg@oracle•com>,
"Nicolas Schier" <nicolas.schier@linux•dev>,
"Daniel Gomez" <da.gomez@kernel•org>,
"Aaron Tomlin" <atomlin@atomlin•com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel•org>,
"Nicolas Bouchinet" <nicolas.bouchinet@oss•cyber.gouv.fr>,
"Xiu Jianfeng" <xiujianfeng@huawei•com>,
"Martin KaFai Lau" <martin.lau@linux•dev>,
"Song Liu" <song@kernel•org>,
"Yonghong Song" <yonghong.song@linux•dev>,
"Jiri Olsa" <jolsa@kernel•org>,
bpf@vger•kernel.org,
"Fabian Grünbichler" <f.gruenbichler@proxmox•com>,
"Arnout Engelen" <arnout@bzzt•net>,
"Mattia Rizzolo" <mattia@mapreri•org>,
kpcyrd <kpcyrd@archlinux•org>,
"Christian Heusel" <christian@heusel•eu>,
"Câju Mihai-Drosi" <mcaju95@gmail•com>,
"Eric Biggers" <ebiggers@kernel•org>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix•de>,
linux-kbuild@vger•kernel.org, linux-kernel@vger•kernel.org,
linux-arch@vger•kernel.org, linux-modules@vger•kernel.org,
linux-security-module@vger•kernel.org, linux-doc@vger•kernel.org,
linuxppc-dev@lists•ozlabs.org, linux-integrity@vger•kernel.org,
debian-kernel@lists•debian.org
Subject: Re: [PATCH v5 00/14] module: Introduce hash-based integrity checking
Date: Mon, 18 May 2026 21:55:43 +0000 [thread overview]
Message-ID: <20260518215543.GA1878854@google.com> (raw)
In-Reply-To: <20260505-module-hashes-v5-0-e174a5a49fce@weissschuh.net>
Hi Thomas,
On Tue, May 05, 2026 at 11:05:04AM +0200, Thomas Weißschuh wrote:
> The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds. Either the module signing key
> is generated at build time, which makes the build unreproducible, or a
> static signing key is used, which precludes rebuilds by third parties
> and makes the whole build and packaging process much more complicated.
>
> The goal is to reach bit-for-bit reproducibility. Excluding certain
> parts of the build output from the reproducibility analysis would be
> error-prone and force each downstream consumer to introduce new tooling.
>
> Introduce a new mechanism to ensure only well-known modules are loaded
> by embedding a Merkle tree root of all modules built as part of the full
> kernel build into vmlinux.
I noticed Sashiko had a few concerns about the build changes. Would you
mind taking a look to see if they're valid?
https://sashiko.dev/#/patchset/20260505-module-hashes-v5-0-e174a5a49fce%40weissschuh.net
Sami
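For readers following the thread, here is an added illustration of the mechanism the cover letter describes: a Merkle tree over the hashes of all built modules, whose root is the single value to be embedded into vmlinux, and a load-time check of one module against that root. This is example code, not the series' own implementation; SHA-256, the domain-separation bytes, sorting by module name, the odd-leaf duplication rule and the inclusion-proof shape are all assumptions of the example, and the module images are constructed byte strings.

```python
import hashlib
# Constructed stand-ins for built module images (not real .ko files).
MODULES = {
    "ext4.ko": b"\x7fELF constructed module image 1",
    "xfs.ko": b"\x7fELF constructed module image 2",
    "nvme.ko": b"\x7fELF constructed module image 3",
}

def leaf_hash(image: bytes) -> bytes:
    # Domain-separated leaf hash so a leaf can never be confused with an inner node.
    return hashlib.sha256(b"\x00" + image).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def next_level(level):
    # Duplicate an odd trailing node so every level pairs up (assumed rule).
    if len(level) % 2:
        level = level + [level[-1]]
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(images):
    # Sort by name: the root must not depend on build order to stay reproducible.
    level = [leaf_hash(images[name]) for name in sorted(images)]
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def inclusion_proof(images, name):
    # Sibling hashes from leaf to root; each entry records whether the sibling is on the left.
    names = sorted(images)
    index = names.index(name)
    level = [leaf_hash(images[n]) for n in names]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[index ^ 1], index % 2 == 1))
        level = next_level(level)
        index //= 2
    return proof

def verify_module(image, proof, embedded_root):
    # Load-time check: recompute the path to the root from the module bytes alone.
    h = leaf_hash(image)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == embedded_root

ROOT = merkle_root(MODULES)  # the one value that would be embedded into vmlinux
```

Because the root depends only on module contents and names, rebuilding the same sources yields the same vmlinux bytes, which is the reproducibility property the series is after; a module whose bytes differ from the built set fails the check regardless of who built it.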
Thread overview: 25+ messages
2026-05-05 9:05 [PATCH v5 00/14] module: Introduce hash-based integrity checking Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 01/14] kbuild: generate module BTF based on vmlinux.unstripped Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 02/14] lockdown: Make the relationship to MODULE_SIG a dependency Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 03/14] kbuild: rename the strip_relocs command Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 04/14] module: Drop pointless debugging message Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 05/14] module: Make mod_verify_sig() static Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 06/14] module: Switch load_info::len to size_t Thomas Weißschuh
2026-05-26 9:47 ` Petr Pavlu
2026-05-26 11:35 ` Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 07/14] module: Make module authentication usable without MODULE_SIG Thomas Weißschuh
2026-05-26 10:53 ` Petr Pavlu
2026-05-26 11:38 ` Thomas Weißschuh
2026-05-26 12:27 ` kpcyrd
2026-05-05 9:05 ` [PATCH v5 08/14] module: Move authentication logic into dedicated new file Thomas Weißschuh
2026-05-26 11:58 ` Petr Pavlu
2026-05-05 9:05 ` [PATCH v5 09/14] module: Move signature type check out of mod_check_sig() Thomas Weißschuh
2026-05-26 13:03 ` Petr Pavlu
2026-05-05 9:05 ` [PATCH v5 10/14] module: Prepare for additional module authentication mechanisms Thomas Weißschuh
2026-05-26 13:14 ` Petr Pavlu
2026-05-05 9:05 ` [PATCH v5 11/14] module: update timestamp of modules.order after modules are built Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 12/14] module: Introduce hash-based integrity checking Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 13/14] kbuild: move handling of module stripping to Makefile.lib Thomas Weißschuh
2026-05-05 9:05 ` [PATCH v5 14/14] kbuild: make CONFIG_MODULE_HASHES compatible with module stripping Thomas Weißschuh
2026-05-18 21:55 ` Sami Tolvanen [this message]
2026-05-19 18:19 ` [PATCH v5 00/14] module: Introduce hash-based integrity checking Thomas Weißschuh