On Sun, Oct 14, 2012 at 1:11 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> I've pulled and resolved the branch, and I'm going through it now, but
> I'd like this verified before I push out if it all looks fine..
Hmm. So this thing makes me wonder:
/* Not having a signature is only an error if we're strict. */
if (err < 0 && fips_enabled)
panic("Module verification failed with error %d in FIPS mode\n",
err);
do we really want to panic (even in fips_enabled mode)?
Sounds like it will just kill the machine if we ever end up having an
unsigned module by mistake anywhere.
I realize that fips_enabled is only for crazy people, but it's exactly
code like this that limits it to only crazy people. Is there some
*reason* for this?
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
