On 1/22/2016 7:04 AM, Gordon Messmer wrote:> On 01/21/2016 11:33 PM, wk wrote: >> How can I sign my test.ko for CentOS7.1? > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.htmlwhat a pile of security theater that MOK thing is. theater of the absurd, anyways. -- john r pierce, recycling bits in santa cruz
It works on linux, it can't be secure? :) Eero 22.1.2016 8.54 ip. "John R Pierce" <pierce at hogranch.com> kirjoitti:> On 1/22/2016 7:04 AM, Gordon Messmer wrote: > >> On 01/21/2016 11:33 PM, wk wrote: >> >>> How can I sign my test.ko for CentOS7.1? >>> >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html >> > > > what a pile of security theater that MOK thing is. theater of the > absurd, anyways. > > > > -- > john r pierce, recycling bits in santa cruz > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
On 1/22/2016 11:00 AM, Eero Volotinen wrote:> It works on linux, it can't be secure?if you can insert a custom Machine Owner Key into this keyring, then anyone with sufficient ingenuity can, too. which renders the whole signature thing moot, other than as another step to be cracked. -- john r pierce, recycling bits in santa cruz