Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote: > > For the envisioned use cases, PGP operations cannot be done in user space, > since the consumers are in the kernel itself (Integrity Digest Cache and > IMA). Also they cannot be done in a trusted initial ram disk, since PGP > operations can occur also while the system is running (e.g. after software > package installation). Does this address Linus's objections? If not then we cannot proceed. Personally I don't think the argument above holds water. With IPsec we had a similar issue of authenticating untrusted peers using public key cryptography. In that case we successfully delegated the task to user-space and it is still how it works to this day. A user-space daemon dedicated to public key crypto seems equally applicable to your scenario. The original application that brought public key crypto into the kernel was module loading. If we really wanted to we could extend the user-space verification to modules too and perhaps kick all public key crypto out of the kernel. The complexity and lack of reviewer attention in this area means that we're more likely to introduce security holes into the kernel with such code. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
