Re: [PATCH 0/6] MODSIGN: Kernel module signing

[David Howells]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> >  (1) A cut-down MPI library derived from GPG with error handling added.
> 
> Do we really need to add this?

I presume you mean the MPI library specifically?  If so, then yes.  It's
necessary to do DSA signature verification (or RSA for that matter).

> Wouldn't it be much nicer to just teach people to use one of the existing 
> signature things that we need for _other_ cases anyway, and already have 
> merged?

Existing signature things?  I know not of such beasts, nor can I see them
offhand.

> (Of course, it's possible that none of the current crypto supports any 
> signature checking at all - I didn't actually look. In which case my 
> argument is pointless).

Hashing, yes; encryption, yes; signature checking: no from what I can see.

It's possible that I can share code with eCryptFS, though at first sight that
doesn't seem to overlap with what I want to do.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/