On Fri, Aug 27, 2021 at 06:30:37PM -0700, Aleksander Adamowski wrote: > PKCS#11 API allows us to use opaque keys confined in hardware security > modules (HSMs) and similar hardware tokens without direct access to the > key material, providing logical separation of the keys from the > cryptographic operations performed using them. > > This commit allows using the popular libp11 pkcs11 module for the > OpenSSL library with `fsverity` so that direct access to a private key > file isn't necessary to sign files. Sorry, I didn't notice that you had already sent out a new version of this patch. Is this version intended to address all my comments? Some of the comments I made don't seem to have been fully addressed. - Eric
|