Re: [GIT PULL] Load keys from signed PE binaries
From: Peter Jones
Date: Thu Feb 21 2013 - 13:34:57 EST
On Thu, Feb 21, 2013 at 10:25:47AM -0800, Linus Torvalds wrote:
> - why do you bother with the MS keysigning of Linux kernel modules to
> begin with?
This is not actually what the patchset implements. All it's done here
is using PE files as envelopes for keys. The usage this enables is to
allow for whoever makes a module (binary only or merely out of tree for
whatever reason) to sign it and vouch for it themselves. That could
include, for example, a systemtap module.
--
Peter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/