On Sun, 2006-01-29 at 11:49 -0700, Dax Kelson wrote: > >Has anyone tried to look for simpler signing mechanisms that make use of > >the crypto algorithms that are already in the kernel? > > Maybe you meant something else, but history has shown that 'rolling your own' mechanism is a bad idea. > > Are there even any suitable algorithms in the kernel?? I'm suggesting that if the only real problem that dsa in the kernel solves is module signing, then perhaps one can simplify the problem. For instance, if instead of going for a general signing mechanism in the kernel that will take any old module and verify it, you define a particular binary as being trusted, and then devise a signature that the kernel can check (even the SHA-1 of the binary image might be sufficient). The object would be to give the kernel a trusted program that can check module signatures on its behalf. Cheers, Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- References:
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Christoph Hellwig <hch@infradead.org>
- [PATCH 00/04] Add DSA key type
- From: David Härdeman <david@2gen.com>
- [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Howells <dhowells@redhat.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Adrian Bunk <bunk@stusta.de>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <trond.myklebust@fys.uio.no>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <trond.myklebust@fys.uio.no>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <david@2gen.com>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <trond.myklebust@fys.uio.no>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Dax Kelson <dax@gurulabs.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- Prev by Date: Re: [patch] CONFIG_KOBJECT_UEVENTS in 2.6.15
- Next by Date: Re: [ANNOUNCE] Linux 2.4.32-hf32.2
- Previous by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- Next by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- Index(es):
 |