| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2015 19:47:52 +0100 From: David Howells <dhowells@...hat.com> To: "Luis R. Rodriguez" <mcgrof@...e.com> Cc: dhowells@...hat.com, rusty@...tcorp.com.au, mmarek@...e.cz, mjg59@...f.ucam.org, keyrings@...ux-nfs.org, dmitry.kasatkin@...il.com, linux-kernel@...r.kernel.org, seth.forshee@...onical.com, linux-security-module@...r.kernel.org, dwmw2@...radead.org Subject: Re: sign-file and detached PKCS#7 firmware signatures Luis R. Rodriguez <mcgrof@...e.com> wrote: > I'll also mention: > > --- > The $DIGEST_ALGORITHM needs to be supported on the running kernel and > can differ from CONFIG_MODULE_SIG_HASH. > --- > > As I do no think that is quite obvious to a system integrator at first. Actually, this isn't necessarily so for the firmware. It *is* for the module signing, but you can always load the module to give you the digest algorithm (or public key algorithm) for the firmware. Though you would still have to be careful with firmware loaded during the initramfs phase. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists