Hi Roman,
or 2. create a separate header/section
(called ".security" for example) and attach that verification data there.
As Linux uses ELF, I personally like the second approach as it's much more consistent.
Indeed, much easier to create/maintain and is quite flexible as well (I
could have multiple sections for multiple purposes - .security.sig.hash,
.security.sig.name, .security.flags for example).
To make a custom section layout you can use linker scripts (http://sourceware.org/binutils/docs/ld/Scripts.html).
Yep, that was another good one - thank you! For already-built binaries I
could use objcopy (I tested it earlier today and it is flawless!), so
that folds up nicely for compiling new ELF binaries.
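
The checking side of the `.security.sig.hash` idea discussed above, as an added example that is not code from this thread or from any project mentioned in it: a small ELF64 section-table reader that locates the section and validates the digest stored in it. The covered-bytes convention (SHA-256 over the whole file with the hash section zeroed), the little-endian ELF64 restriction, and the names `elf64_sections`, `verify_embedded_hash` and `build_sample` are assumptions; the sample image is constructed.

```python
import hashlib
import hmac
import struct

SIG_SECTION = ".security.sig.hash"  # section name taken from the message

def elf64_sections(data):
    """Map section name -> (sh_type, file offset, size) for a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    # First six fields of each header: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
    hdrs = [struct.unpack_from("<IIQQQQ", data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab = hdrs[e_shstrndx][4]
    out = {}
    for sh_name, sh_type, _, _, sh_offset, sh_size in hdrs:
        start = strtab + sh_name
        out[data[start:data.index(b"\0", start)].decode()] = (sh_type, sh_offset, sh_size)
    return out

def verify_embedded_hash(data):
    """Assumed scheme: SHA-256 over the whole file with the hash section zeroed."""
    # A bare digest is a stand-in here; a deployed scheme would store a signature over it.
    try:
        sh_type, off, size = elf64_sections(data)[SIG_SECTION]
    except (KeyError, ValueError, IndexError, struct.error):
        return False  # missing section or malformed image: fail closed
    if sh_type == 8 or size != 32 or off + size > len(data):  # 8 = SHT_NOBITS, no file bytes
        return False
    covered = data[:off] + bytes(size) + data[off + size:]
    return hmac.compare_digest(data[off:off + size], hashlib.sha256(covered).digest())

def build_sample(text=b"\x90\x90\xc3"):
    """Constructed ELF64 image: null, .text, .security.sig.hash, .shstrtab sections."""
    names = b"\0.text\0.security.sig.hash\0.shstrtab\0"
    bodies = [b"", text, bytes(32), names]
    img = bytearray(b"\x7fELF\x02\x01\x01".ljust(16, b"\0"))
    shoff = 64 + sum(map(len, bodies))
    img += struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    offs = []
    for body in bodies:
        offs.append(len(img))
        img += body
    for name, sh_type, off, body in zip((0, 1, 7, 26), (0, 1, 1, 3), offs, bodies):
        img += struct.pack("<IIQQQQIIQQ", name, sh_type, 0, 0, off, len(body), 0, 0, 1, 0)
    img[offs[2]:offs[2] + 32] = hashlib.sha256(bytes(img)).digest()  # fill the reserved slot
    return bytes(img)
```

Zeroing the section before hashing is what lets the digest live inside the file it covers; the section has to exist at its final size before the digest is computed, because adding it changes the section header table and string table.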