Hi, This is an RFC patch series to get early feedback on stuff I am working on. This series does few things. - Adds an extra structure to ima signature (security.ima) which will signal the elf loader that this executable needs to be locked. This will be useful for secureboot where signed /sbin/kexec needs to run memory locked. I have posted RFC kernel patches on Fedora kernel mailing list. https://lists.fedoraproject.org/pipermail/kernel/2013-September/004432.html kexec-tools patches are posted here. https://lists.fedoraproject.org/pipermail/kernel/2013-September/004469.html - Add a functionality to import signatures signed externally. (Patch 2) - Add functionality to allow signing using external crypto card. (Patch 3) - Add a functionality to create a daemon which cilents can connect to and request file signing (Patch 4 and Patch 5). All the signing enhancements I need so that various build servers can make use of it to sign /sbin/kexec and bzImage using appropriate keys. This is still a work in progress and code is very raw. I wanted to get the code out to get early feedback. Thanks Vivek Vivek Goyal (5): evmctl: Allow adding a memlock information in security.ima evmctl: Allow importing external signature evmctl: Allow signing using external crypto engine evmctl-allow-launching-daemon evmctl-client: A simple client to request signing from evmctl daemon configure.ac | 1 + src/Makefile.am | 9 +- src/client.c | 697 +++++++++++++++++++++++++++++++++ src/daemon.h | 83 ++++ src/evmctl.c | 1166 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 1934 insertions(+), 22 deletions(-) create mode 100644 src/client.c create mode 100644 src/daemon.h -- 1.8.3.1 _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
