Private keys can be kept if authentication is open
Posted by: Anonymous Coward
on February 04, 2006 12:38 AM
As long as the recommended and principal way to run a module for a kernel distributed by Red Hat is to have it recognized as being signed exclusively by Red Hat, you would have to include the signing keys in the source code. However, if you can install additional public authorization keys for the kernel, so that it can recognize modules signed by other parties, and instead of the tainted / untainted mode of the kernel, it either handles all modules with recognized signatures alike, or it counts the number of signatures used impartially, or keeps a list of the entities that signed the kernel (and of course it can still raise a tainted flag for modules without a recognized signature), then the recommended way to run a kernel module changes to: run it authenticated by having it signed by an entity that you trust (which could be yourself). Then there is no need to distribute private keys to satisfy the provisions of GPL v3.