Luis R. Rodriguez <mcgrof at do-not-panic.com> wrote: > This generalizes the module signing code as helpers, we do > this as we'll later re-use this same code for firmware and > other system data signing. I'm trying to move us to the use of PKCS#7 certificates as module signatures. See here: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=modsign-pkcs7 I would suggest you use this as a base. Also, I would suggest, if you can manage it, either: (1) Keep the signature and the firmware blobs separate on disk for copyright and/or licensing purposes. (2) Put the firmware blob inside the PKCS#7 message as the embedded data. David
