Re: [PATCH 14/16] X.509: Add an ASN.1 decoder
From: Alan Cox
Date: Tue Sep 18 2012 - 14:46:44 EST
On Tue, 18 Sep 2012 18:34:12 +0100
David Howells <dhowells@xxxxxxxxxx> wrote:
> Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > Why do this in the kernel.That appears to be completely insane.
>
> A number of reasons:
>
> (1) The UEFI signature/key database may contain ASN.1 X.509 certificates and
> we may need to use those very early in the boot process, during initrd.
Ok that makes some sense. Presumably they've also got to fall within what
you trust and sign ?
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/