Re: [PATCH] MODSIGN: Discard previous signature when signing modules

From: David Howells
Date: Tue Mar 26 2013 - 19:35:45 EST

Next message: Greg Kroah-Hartman: "[ 52/98] drivers/video/ep93xx-fb.c: include <linux/io.h> for devm_ioremap()"
Previous message: Greg Kroah-Hartman: "[ 54/98] target/iscsi: Fix mutual CHAP auth on big-endian arches"
In reply to: Michal Marek: "[PATCH] MODSIGN: Discard previous signature when signing modules"
Next in thread: Michal Marek: "Re: [PATCH] MODSIGN: Discard previous signature when signing modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michal Marek <mmarek@xxxxxxx> wrote:

> The format only supports one signature, so discard any previous
> signature before signing the module.

That's not totally true. The format does not preclude multiple signatures.
You can just add another signature block on the end that signs everything
inside of that, including all previous signatures. The alteration to the code
to check all of them would be very small, I think.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 52/98] drivers/video/ep93xx-fb.c: include <linux/io.h> for devm_ioremap()"
Previous message: Greg Kroah-Hartman: "[ 54/98] target/iscsi: Fix mutual CHAP auth on big-endian arches"
In reply to: Michal Marek: "[PATCH] MODSIGN: Discard previous signature when signing modules"
Next in thread: Michal Marek: "Re: [PATCH] MODSIGN: Discard previous signature when signing modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]