Kernel configuration options
Bernardo Innocenti
bernie at laptop.org
Tue Jan 1 17:52:08 EST 2008
Mitch Bradley wrote:
> From a security standpoint, there is an advantage to building in
> everything. The main kernel is verified with a crypto signature before
> it is executed. Loading a module without first verifying a
> similarly-strong signature weakens the security.
>
> Modules are a good idea for kernels that are intended to run on a wide
> variety of hardware. I am in favor of treating XO like an appliance and
> making the kernel as monolithic as possible.
Uh-oh... Does our security system really depend on this?
Reducing the number of modules is not going to help, because
you only need to load a single module to tap into the kernel.
Building everything statically and disabling module loading
is also not an option if you want half decent support for
USB devices. Note that USB also brings in SCSI, DVB, and
a lot more.
--
\___/
|___| Bernardo Innocenti - http://www.codewiz.org/
\___\ One Laptop Per Child - http://www.laptop.org/
More information about the Devel
mailing list