[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1416836587.25352.24.camel@dhcp-9-2-203-236.watson.ibm.com>
Date: Mon, 24 Nov 2014 08:43:07 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: David Howells <dhowells@...hat.com>
Cc: mmarek@...e.cz, d.kasatkin@...sung.com, rusty@...tcorp.com.au,
vgoyal@...hat.com, keyrings@...ux-nfs.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/5] PKCS#7: Allow detached data to be supplied for
signature checking purposes
On Mon, 2014-11-24 at 12:48 +0000, David Howells wrote:
> Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
>
> > Ok, PCKS#7 supports detached data. I assume this is not needed for
> > kernel modules. What is the motivation for adding this support to the
> > kernel?
>
> See patch #5. I should probably note that in the commit message.
This patch set does not change the syscall. The signature is still
appended to the kernel module. In fact, the call from
kernel/module_signing.c: mod_verify_pkcs7() calls
pkcs7_supply_detached_data() with a pointer to the module and the module
length to set the data field. pkcs7_supply_detached_data() would not be
defined or exported, unless it was going to be called elsewhere. How
else are you planning on using pkcs7_supply_detached_data()?
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists