| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201021102007.GB13854@linux-l9pv.suse>
Date: Wed, 21 Oct 2020 18:20:07 +0800
From: joeyli <jlee@...e.com>
To: Randy Dunlap <rdunlap@...radead.org>
Cc: list.lkml.keyrings@...benboeckel.net,
"Lee, Chun-Yi" <joeyli.kernel@...il.com>,
David Howells <dhowells@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 2/2] PKCS#7: Check codeSigning EKU for kernel module
and kexec pe verification
Hi Randy,
On Tue, Oct 20, 2020 at 07:56:29AM -0700, Randy Dunlap wrote:
> On 10/20/20 6:42 AM, Ben Boeckel wrote:
> > On Tue, Oct 20, 2020 at 14:50:01 +0800, Lee, Chun-Yi wrote:
> >> +config CHECK_CODESIGN_EKU
> >> + bool "Check codeSigning extended key usage"
> >> + depends on PKCS7_MESSAGE_PARSER=y
> >> + depends on SYSTEM_DATA_VERIFICATION
> >> + help
> >> + This option provides support for checking the codeSigning extended
> >> + key usage extension when verifying the signature in PKCS#7. It
>
> extended ... extension.
> Can we drop one of those or reword it?
I will remove the _extension_ word in next version. Thanks for your review!
Joey Lee
Powered by blists - more mailing lists