| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5839.1352160112@warthog.procyon.org.uk> Date: Tue, 06 Nov 2012 00:01:52 +0000 From: David Howells <dhowells@...hat.com> To: Takashi Iwai <tiwai@...e.de> Cc: dhowells@...hat.com, Matthew Garrett <mjg59@...f.ucam.org>, Alan Cox <alan@...rguk.ukuu.org.uk>, joeyli <jlee@...e.com>, Jiri Kosina <jkosina@...e.cz>, Rusty Russell <rusty@...tcorp.com.au>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [PATCH RFC 0/4] Add firmware signature file check Takashi Iwai <tiwai@...e.de> wrote: > this is a patch series to add the support for firmware signature > check. At this time, the kernel checks extra signature file (*.sig) > for each firmware, instead of embedded signature. > It's just a quick hack using the existing module signing mechanism, > thus provided only as a proof of concept for now. There is another way to do this. If you look at the patches I proposed to wrap keys in PE binaries, you'll find that that can handle PKCS#7 format messages as that's what's in the sort of signed PE binary we're dealing with. You could use this to put the firmware inside a signed-data PKCS#7 message. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists