Kernel configuration options
M. Edward (Ed) Borasky
znmeb at cesmail.net
Tue Jan 1 16:52:39 EST 2008
Mitch Bradley wrote:
> From a security standpoint, there is an advantage to building in
> everything. The main kernel is verified with a crypto signature before
> it is executed. Loading a module without first verifying a
> similarly-strong signature weakens the security.
>
> Modules are a good idea for kernels that are intended to run on a wide
> variety of hardware. I am in favor of treating XO like an appliance and
> making the kernel as monolithic as possible.
I'm not familiar with the security stuff in general or this case in
particular. But I think the "trend" in the Linux community has been
towards more flexibility, moving stuff from kernel space to user space, etc.
Then again, since the *hardware* is soldered onto the mainboard and
can't be easily expanded, why shouldn't the *kernel* be just as
inflexible? ;)
More information about the Devel
mailing list