From: Michal Marek <mmarek@suse.cz>
To: Lucas De Marchi <lucas.de.marchi@gmail.com>
Cc: Wouter van Kesteren <woutershep@gmail.com>,
linux-modules <linux-modules@vger.kernel.org>,
David Howells <dhowells@redhat.com>
Subject: Re: Support for PKCS#7 module signing.
Date: Thu, 4 Feb 2016 14:19:45 +0100
Message-ID: <56B34FF1.30305@suse.cz>
In-Reply-To: <CAKi4VA+ZsmP_xfQgD9XpoXidB=-JaMcpsAfG7v4-M2my3khVkg@mail.gmail.com>

On 2016-01-14 20:43, Lucas De Marchi wrote:
> Hi Wouter,
>
>
> Sorry for the delay.

Hi,

sorry for the even longer delay.

> On Sun, Jan 10, 2016 at 10:15 PM, Wouter van Kesteren
> <woutershep@gmail.com> wrote:
>> Hello,
>>
>> I asked the following on irc, where it was suggested that I take it to
>> this mailing list instead.
>>
>> Commit https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc1c373dd2a5113800360f7152be729c9da996cc
>> introduced a new method of signing modules.
>>
>> I attempted to make a patch to support this new method of signing. But
>> whilst doing so I came to the conclusion that a lot of things that are
>> in the appended struct are now set to zero.
>> In fact, everything except id_type (which is 2) and sig_len is set to
>> zero. Instead this information seems to be embedded in the signature
>> blob instead.
>
> That struct should be filled by the tool signing the module:
[...]
> I'm not sure why it was decided to omit this information in the commit
> you mentioned and embed it inside the signature blob.

The kernel now retrieves the hash and algorithm from the PKCS#7 message.

> Ideally kmod would not link to any crypto library.

Right. What we can do easily is to print signature: PKCS#7 to at least
let the user know that the module has a signature appended.

Michal
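
The report proposed above (telling the user a PKCS#7 signature is appended, without linking a crypto library) needs only the trailer at the end of the module file. The following is an added example, not part of the original message and not kmod's code; the trailer layout and magic string follow the kernel's appended-signature format, while `classify_module_sig`, `sig_kind` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SIG_MAGIC "~Module signature appended~\n"
#define PKEY_ID_PKCS7 2 /* the id_type value reported in the thread */
/* 12-byte trailer written just before the magic string (all single bytes). */
struct module_signature {
    uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3];
    uint8_t sig_len[4]; /* big-endian length of the signature blob */
};
enum sig_kind { SIG_NONE, SIG_MALFORMED, SIG_OTHER, SIG_PKCS7 };

/* Classify the appended signature; the blob itself is never parsed. */
enum sig_kind classify_module_sig(const uint8_t *buf, size_t len, size_t *sig_len)
{
    const size_t mlen = sizeof(SIG_MAGIC) - 1;
    struct module_signature ms;
    if (len < mlen || memcmp(buf + len - mlen, SIG_MAGIC, mlen) != 0)
        return SIG_NONE;
    len -= mlen;
    if (len < sizeof(ms))
        return SIG_MALFORMED;
    len -= sizeof(ms);
    memcpy(&ms, buf + len, sizeof(ms));
    *sig_len = ((size_t)ms.sig_len[0] << 24) | ((size_t)ms.sig_len[1] << 16) |
               ((size_t)ms.sig_len[2] << 8) | ms.sig_len[3];
    /* Lengths come from the file, so bound them by what precedes the trailer. */
    if (*sig_len == 0 || *sig_len > len ||
        (size_t)ms.signer_len + ms.key_id_len > len - *sig_len)
        return SIG_MALFORMED;
    if (ms.id_type != PKEY_ID_PKCS7)
        return SIG_OTHER; /* not PKCS#7: metadata is in the trailer fields */
    /* PKCS#7: only id_type and sig_len may be non-zero. */
    if (ms.algo | ms.hash | ms.signer_len | ms.key_id_len |
        ms.pad[0] | ms.pad[1] | ms.pad[2])
        return SIG_MALFORMED;
    return SIG_PKCS7;
}

int main(void)
{
    /* Constructed sample: 4 "module" bytes, 3-byte dummy blob, trailer, magic. */
    uint8_t mod[47] = { 0x7f, 'E', 'L', 'F', 0xAA, 0xBB, 0xCC, [9] = PKEY_ID_PKCS7, [18] = 3 };
    size_t n = 0;
    memcpy(mod + 19, SIG_MAGIC, 28);
    if (classify_module_sig(mod, sizeof(mod), &n) == SIG_PKCS7)
        printf("signature: PKCS#7 (%zu-byte blob)\n", n);
    return 0;
}
```

This only reports that a signature is present and well-framed; it says nothing about whether the signature is valid or which key made it.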