Language Selection

English French German Italian Portuguese Spanish

Kernel Log - Coming in 3.7 (Part 3): Infrastructure

Filed under
Linux

Linux 3.7 can sign kernel modules and verify those signatures and, therefore, the integrity of the modules before loading them (1, 2, 3, 4, 5, 6, 7). Some enterprise distributions have had similar features for a while – for example, to ensure that the modules used for troubleshooting are really from the distribution kernel. Developers have been working on integrating the functionality into Linux as some distributions want to load only signed kernel modules when booted with UEFI secure boot – this is now possible with the integrated code.

Another new feature is the integrity appraisal extension for the Integrity Measurement Architecture (IMA), which the kernel has supported for quite some time now (1, 2). IMA can store signed hashes for files and use them to recognise when binaries from the Linux installation have been changed.

rest here




More in Tux Machines

Debian 9.0 "Stretch" Might Not Have UEFI Secure Boot Support

Debian 9.0 "Stretch" has seen UEFI Secure Boot support no longer being considered a release blocker but is now just a stretch goal for this upcoming release. Debian developer Jonathan Wiltshire shared that while Secure Boot support was planned for Debian 9.0, it might not happen now due to short on time and resources. Secure Boot might still work its way though into a later Debian 9.x update. Read more

Development News: Rust 1.17 and SourceForge

  • Announcing Rust 1.17
    The Rust team is happy to announce the latest version of Rust, 1.17.0. Rust is a systems programming language focused on safety, speed, and concurrency.
  • Rust 1.17 Released
    Judging by the massive Rust fan base in our forums, those of you reading this will be delighted today about the newest version of Rustlang, v1.17.
  • SourceForge: Let's hold hands in a post-CodePlex world [Ed: Microsoft Gavin needlessly interjects Microsoft into it. Like CodePlex was EVER relevant…]
    President Logan Abbott has said he’ll seek tighter integration between SourceForge’s tools and those of others – including giant rival GitHub.

Nouveau Re-Clocked With DRM-Next Linux 4.12 + Mesa 17.2-dev vs. NVIDIA 381 Driver

A few days back I posted benchmarks of the initial GTX 1050/1060/1070/1080 Nouveau 3D support. As expected, the performance was rather abysmal with re-clocking not being available for Pascal (or Maxwell) GPUs on this open-source NVIDIA Linux kernel driver. For those trying to use Nouveau for Linux games or care about your GPU clock speeds, currently the GTX 600/700 "Kepler" series is still your best bet or the GTX 750 "Maxwell 1" is the last NVIDIA graphics processors not requiring signed firmware images and can properly -- but manually -- re-clock with the current Nouveau driver. Read more

Coverage From Recent Linux Conferences