Rusty Russell <rusty@xxxxxxxxxx> wrote: > > > We can have false positives, but at worst that make us report EINVAL > > > (bad signature) instead of ENOENT (no signature). > > > > EKEYREJECTED please; that way it's the same as RHEL does now. > > OK, sure (who knew that was there?). Second paragraph in the description of patch #21: These patches have been in use by RHEL and Fedora kernels for years, and so have been thoroughly tested. Further down the description: Any module for which the kernel has a key, but which proves to have a signature mismatch will not be permitted to load (returning EKEYREJECTED). David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
