Date: 2012-02-16 12:17 pm (UTC)
From: [personal profile] mjg59
How would the kernel know that a module was the nvidia or vmware driver? If you don't sign them then it's possible for an attacker to modify them and use them to execute arbitrary code.

You need a signing key to sign your bootloader and kernel. If Mint shipped identical binaries that were identical to Ubuntu then they could get by without needing their own key, but if they built their own kernel or bootloader they'd need to be able to re-sign them. If Ubuntu let them use their key, what would happen if Mint introduced a bug that let their bootloader load arbitrary code? If it were signed with Ubuntu's key then Ubuntu would look bad, and people would want to blacklist that key.

It's likely that organisations that need remote installation would only buy machines that support it. But we don't know how those machines would work yet.
Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Nebula. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags