[wireless-regdb] [PATCH v1 02/12] kernel: generalize module signing as system data signing
David Howells
dhowells at redhat.com
Wed May 6 05:08:49 PDT 2015
Luis R. Rodriguez <mcgrof at do-not-panic.com> wrote:
> This generalizes the module signing code as helpers, we do
> this as we'll later re-use this same code for firmware and
> other system data signing.
I'm trying to move us to the use of PKCS#7 certificates as module signatures.
See here:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=modsign-pkcs7
I would suggest you use this as a base.
Also, I would suggest, if you can manage it, either:
(1) Keep the signature and the firmware blobs separate on disk for copyright
and/or licensing purposes.
(2) Put the firmware blob inside the PKCS#7 message as the embedded data.
David
More information about the wireless-regdb
mailing list