Re: [PATCH 00/23] Crypto keys and module signing

From: David Howells
Date: Tue Jun 05 2012 - 09:38:07 EST


Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> As the signature would be stored as an extended attribute, we wouldn't
> need to pass it. Unfortunately not all filesystems have xattr support,
> nor do all of the package installation mechanims. The benefit of
> storing the signature as an extended attribute, however, is that there
> is a consistent mechanism for verifying file data integrity for all
> files, not only ELF.

We also want to be able to do module signature verification with CONFIG_IMA=n.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/