Re: [RFC v1.1 3/5] evm: digital signature support

From: James Morris
Date: Mon Aug 15 2011 - 21:04:14 EST

Next message: Andi Kleen: "Re: [RFC] x86: restrict pid namespaces to 32 or 64 bit syscalls"
Previous message: James Morris: "Re: [RFC v1.1 2/5] crypto: ksign - digital signature verificationsupport"
In reply to: Dmitry Kasatkin: "[RFC v1.1 3/5] evm: digital signature support"
Next in thread: Dmitry Kasatkin: "[RFC v1.1 4/5] ksign: provides keyring to search in for the key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 11 Aug 2011, Dmitry Kasatkin wrote:

> From: Dmitry Kasatkin <dmitry.kasatkin@xxxxxxxxx>
>
> When building an image, which has to be flashed to different devices,
> an HMAC cannot be used to sign file metadata, as the HMAC key is different
> on every device. File metadata can be protected using digital signature.
> This patch enables RSA signature based integrity verification.

This description (also the kconfig text) is not very clear. Perhaps start
with what the feature does rather than what the lack of it doesn't.

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [RFC] x86: restrict pid namespaces to 32 or 64 bit syscalls"
Previous message: James Morris: "Re: [RFC v1.1 2/5] crypto: ksign - digital signature verificationsupport"
In reply to: Dmitry Kasatkin: "[RFC v1.1 3/5] evm: digital signature support"
Next in thread: Dmitry Kasatkin: "[RFC v1.1 4/5] ksign: provides keyring to search in for the key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]