Open gmoirod opened 3 years ago
I don't see how self-signing the module is going to help you. If you don't turn the kernel module signing on, you still have to be a root user to run modprobe and insmod. After you sign the modules, you are still running the modules with the same function.
I have no plan to update the documentation myself to encourage self-signing of kernel modules, as I don't plan to do it myself, and I don't see the point.
Mmh, root access and signed modules are 2 distinct things. You may want (or be obliged by your company) to turn on UEFI Secure Boot. This prevents you from installing software which, in turn, will install low-level libraries (e.g. VirtualBox does that). Doing this can compromise your system without knowing it. Self-signing allows you to keep this security and load such modules, but you are doing it explicitly. So you do it on purpose and you know what it implies.
Moreover, it educates people about security. Never bad 🙂
Doing this can compromise your system without knowing it.
Sorry, how do you know your self-signed kernel module would not compromise system security?
Self-signing allows you to keep this security and load such modules, but you are doing it explicitly.
Compiling a kernel module and installing it is very explicit already. Your custom kernel module is not going to compile itself and install itself to the correct location, and load itself automatically.
If you are obliged by your company to turn on UEFI, then you probably would have to find out how to self-sign your kernel module.
Doing this can compromise your system without knowing it.
Sorry, how do you know your self-signed kernel module would not compromise system security?
Self-signing allows you to keep this security and load such modules, but you are doing it explicitly.
Compiling a kernel module and installing it is very explicit already. Your custom kernel module is not going to compile itself, install itself to the correct location, and load itself automatically.
If a user is obliged by the company to turn on UEFI, then the user just has to find out how to sign your kernel module themselves...
You do not know. But the user decides to load it. He knows. So he is responsible for this module.
Compiling and installing is explicit. Yes. But advising to turn off a global security system to allow loading one is overkill. It will allow future unsecured and unwanted installation.
I just feel disappointed to read "turn off security" to make it work. But it is OK. Your project. Your decision. I'll keep using it anyway.
I think people who are concerned about turning it off know what it does anyway. The blog posts you linked are not adequate for my purposes, because they don't seem to mention how it works with DKMS.
But advising to turn off a global security system to allow loading one is overkill. It will allow future unsecured and unwanted installation.
You still haven't explained how a self-signed kernel module helps with security, when you have to explicitly load the kernel module anyway. If it is someone who cares about serious security, they would know their threat models, they would already make their own judgement on whether or not to turn off secure boot.
Alright, I am now convinced that Secure Boot is a useful feature to have on, but I do feel giving instructions to users on how to set it up is beyond the scope of the project - I can't set it up properly myself!
Hey @fangfufu! What a turnaround! I'm glad we finally agree on this point :-)
I agree this is beyond the scope of your project. As I mentioned in the first post, you should mention the 2 ways to manage that case:
Apparently Ubuntu signs the DKMS kernel automatically anyway, but I don't use Ubuntu myself.
In the readme, you advise disabling UEFI Secure Boot. I disagree, it is a terrible way and should mention that it exposes the user system to install untrusted modules at low-level. You should mention the 2 choices:
Btw, thank you for this project. I was looking for that long ago :-)