On Thu, Dec 08, 2022 at 09:37:29PM +0000, Luca Boccassi wrote: > > The second question is easy: because the kernel is the right place for > our use case to do this verification and enforcement, exactly like dm- > verity does. Well, dm-verity's in-kernel signature verification support is a fairly new feature. Most users of dm-verity don't use it, and will not be using it. > Userspace is largely untrusted, or much lower trust anyway. Yes, which means the kernel is highly trusted. Which is why parsing complex binary formats, X.509 and PKCS#7, in C code in the kernel is not a great idea... - Eric
|