| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Nov 2012 00:05:25 +0000 From: David Howells <dhowells@...hat.com> To: Takashi Iwai <tiwai@...e.de> Cc: dhowells@...hat.com, Matthew Garrett <mjg59@...f.ucam.org>, Alan Cox <alan@...rguk.ukuu.org.uk>, joeyli <jlee@...e.com>, Jiri Kosina <jkosina@...e.cz>, Rusty Russell <rusty@...tcorp.com.au>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [PATCH RFC 0/4] Add firmware signature file check David Howells <dhowells@...hat.com> wrote: > Takashi Iwai <tiwai@...e.de> wrote: > > > this is a patch series to add the support for firmware signature > > check. At this time, the kernel checks extra signature file (*.sig) > > for each firmware, instead of embedded signature. > > It's just a quick hack using the existing module signing mechanism, > > thus provided only as a proof of concept for now. > > There is another way to do this. If you look at the patches I proposed to > wrap keys in PE binaries, you'll find that that can handle PKCS#7 format > messages as that's what's in the sort of signed PE binary we're dealing with. See: http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/devel-pekey > You could use this to put the firmware inside a signed-data PKCS#7 message. Note that the ASN.1 decoder in the kernel would need altering to handle messages larger than 64KB. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists