Re: [PATCH v1 02/12] kernel: generalize module signing as system data signing

From: David Howells
Date: Wed May 06 2015 - 08:09:55 EST

Next message: Krzysztof KozÅowski: "Re: [PATCH v3] power_supply: Add support for Richtek rt9455 battery charger"
Previous message: Ulf Hansson: "Re: [PATCH v2] mmc: sdhci-esdhc-imx: fix abort due to missing runtime PM"
In reply to: Luis R. Rodriguez: "[RFC v1 12/12] cfg80211: request for regulatory system data file"
Next in thread: David Howells: "Re: [RFC v1 05/12] firmware: add firmware signature checking support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Luis R. Rodriguez <mcgrof@xxxxxxxxxxxxxxxx> wrote:

> This generalizes the module signing code as helpers, we do
> this as we'll later re-use this same code for firmware and
> other system data signing.

I'm trying to move us to the use of PKCS#7 certificates as module signatures.
See here:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=modsign-pkcs7

I would suggest you use this as a base.

Also, I would suggest, if you can manage it, either:

(1) Keep the signature and the firmware blobs separate on disk for copyright
and/or licensing purposes.

(2) Put the firmware blob inside the PKCS#7 message as the embedded data.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Krzysztof KozÅowski: "Re: [PATCH v3] power_supply: Add support for Richtek rt9455 battery charger"
Previous message: Ulf Hansson: "Re: [PATCH v2] mmc: sdhci-esdhc-imx: fix abort due to missing runtime PM"
In reply to: Luis R. Rodriguez: "[RFC v1 12/12] cfg80211: request for regulatory system data file"
Next in thread: David Howells: "Re: [RFC v1 05/12] firmware: add firmware signature checking support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]