Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2006-01-29 at 11:49 -0700, Dax Kelson wrote:

> >Has anyone tried to look for simpler signing mechanisms that make use of
> >the crypto algorithms that are already in the kernel?
> 
> Maybe you meant something else, but history has shown that 'rolling your own' mechanism is a bad idea.
> 
> Are there even any suitable algorithms in the kernel??

I'm suggesting that if the only real problem that dsa in the kernel
solves is module signing, then perhaps one can simplify the problem.

For instance, if instead of going for a general signing mechanism in the
kernel that will take any old module and verify it, you define a
particular binary as being trusted, and then devise a signature that the
kernel can check (even the SHA-1 of the binary image might be
sufficient).
The object would be to give the kernel a trusted program that can check
module signatures on its behalf.

Cheers,
  Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux