From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Luis R. Rodriguez" Subject: Re: Looking for extensible kernel database format Date: Mon, 13 Apr 2015 11:09:21 -0700 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: linux-wireless , Matthew Garrett , Kees Cook , Ming Lei , Greg Kroah-Hartman , Johannes Berg , Seth Forshee , "Luis R. Rodriguez" , netfilter-devel@vger.kernel.org To: "netdev@vger.kernel.org" , "linux-kernel@vger.kernel.org" Return-path: In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org On Thu, Apr 9, 2015 at 5:57 PM, Luis R. Rodriguez wrote: > Hey folks, > > next week I'd like to address replacing the need for CRDA [0] as a > udev helper with in-kernel functionality There's a few motivations > for this but a good one is that the kernel already has now > cryptographic support to verify the integrity of the regulatory > database, just as it has support for verifying the integrity of > modules / firmware. We'd use something like: > > request_file(file_reqs) > > Where the file_reqs provides the requirements, including cryptographic > requirements, and I suspect we'd use LSM to vet for the cryptographic > needs of the file. > > Now other than this step CRDA currently *reads* a database and today > we have our own format. If we want to extend this though we will have > to issue a new regdb format and old kernels might not be compatible > with the new format. This is a typical database problem and I'm hoping > we are not the first to deal with this. What *extensible* kernel > database format are there already, are they generic already? I'd > prefer something already using netlink. > > Any recommendations? > > [0] https://wireless.wiki.kernel.org/en/developers/regulatory/crda OK I haven't heard back so will just work towards a very simple extensible db and proceed as planned to reuse the existing request_firmware_direct() API but with cryptographic requirements and vetting through LSM. Luis