When the Linux development community decided it was high time to implement kernel module signing, different developers had different ideas on how module signatures should be constructed and verified. I will discuss how Linux kernel module signing evolved over that past ten years, pointing out mistakes made and fixed throughout the last 10 years. The challenges the Linux community faced in designing and implementing kernel module signing are not unique to Linux modules, we probably can see the same mistakes make in other code-signing schemes that are in use today. By studying the evolution of Linux code signing we can learn to find and remove bugs in both present and future code-signing schemes.
Rebecca ".bx" Shapiro is a graduate student at a small college in Northern Appalachia, known as Dartmouth College. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She hopes to continue this work to find more specimens for Sergey Bratus' weird machine zoo.