On Thu, Apr 9, 2015 at 5:57 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxxxxxxxx> wrote: > Hey folks, > > next week I'd like to address replacing the need for CRDA [0] as a > udev helper with in-kernel functionality There's a few motivations > for this but a good one is that the kernel already has now > cryptographic support to verify the integrity of the regulatory > database, just as it has support for verifying the integrity of > modules / firmware. We'd use something like: > > request_file(file_reqs) > > Where the file_reqs provides the requirements, including cryptographic > requirements, and I suspect we'd use LSM to vet for the cryptographic > needs of the file. > > Now other than this step CRDA currently *reads* a database and today > we have our own format. If we want to extend this though we will have > to issue a new regdb format and old kernels might not be compatible > with the new format. This is a typical database problem and I'm hoping > we are not the first to deal with this. What *extensible* kernel > database format are there already, are they generic already? I'd > prefer something already using netlink. > > Any recommendations? > > [0] https://wireless.wiki.kernel.org/en/developers/regulatory/crda OK I haven't heard back so will just work towards a very simple extensible db and proceed as planned to reuse the existing request_firmware_direct() API but with cryptographic requirements and vetting through LSM. Luis -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html