Re: [RFC v1.1 3/5] evm: digital signature support

From: James Morris
Date: Mon Aug 15 2011 - 21:04:14 EST

On Thu, 11 Aug 2011, Dmitry Kasatkin wrote:

> From: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>
> When building an image, which has to be flashed to different devices,
> an HMAC cannot be used to sign file metadata, as the HMAC key is different
> on every device. File metadata can be protected using digital signature.
> This patch enables RSA signature based integrity verification.

This description (also the kconfig text) is not very clear. Perhaps start
with what the feature does rather than what the lack of it doesn't.

James Morris
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at