On Tue, 2013-01-15 at 12:34 +0200, Dmitry Kasatkin wrote: > Asymmetric keys were introduced in linux-3.7 to verify the signature on signed > kernel modules. The asymmetric keys infrastructure abstracts the signature > verification from the crypto details. This patch adds IMA/EVM signature > verification using asymmetric keys. Support for additional signature > verification methods can now be delegated to the asymmetric key infrastructure. > > Although the module signature header and the IMA/EVM signature header could > use the same header format, to minimize the signature length and save space > in the extended attribute, the IMA/EVM header format is different than the > module signature header. The main difference is that the key identifier is > a sha1[12 - 19] hash of the key modulus and exponent and similar to the current > implementation. The only purpose is to identify corresponding key in the kernel > keyring. ima-evm-utils was updated to support the new signature format. David, are you ok with how support for asymmetric keys is being added to EVM/IMA-appraisal for verifying signatures? Any comments? thanks, Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
