On Sun, 2006-01-29 at 11:49 -0700, Dax Kelson wrote: > >Has anyone tried to look for simpler signing mechanisms that make use of > >the crypto algorithms that are already in the kernel? > > Maybe you meant something else, but history has shown that 'rolling your own' mechanism is a bad idea. > > Are there even any suitable algorithms in the kernel?? I'm suggesting that if the only real problem that dsa in the kernel solves is module signing, then perhaps one can simplify the problem. For instance, if instead of going for a general signing mechanism in the kernel that will take any old module and verify it, you define a particular binary as being trusted, and then devise a signature that the kernel can check (even the SHA-1 of the binary image might be sufficient). The object would be to give the kernel a trusted program that can check module signatures on its behalf. Cheers, Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- References:
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Christoph Hellwig <[email protected]>
- [PATCH 00/04] Add DSA key type
- From: David Härdeman <[email protected]>
- [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Howells <[email protected]>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Adrian Bunk <[email protected]>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: David Härdeman <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Trond Myklebust <[email protected]>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- From: Dax Kelson <[email protected]>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
- Prev by Date: Re: [patch] CONFIG_KOBJECT_UEVENTS in 2.6.15
- Next by Date: Re: [ANNOUNCE] Linux 2.4.32-hf32.2
- Previous by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- Next by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
- Index(es):
 |