Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature

From: David Howells
Date: Wed Feb 10 2016 - 05:13:07 EST

Next message: Miroslav Benes: "Re: [PATCH v4 1/4] modules: split part of complete_formation() into prepare_coming_module()"
Previous message: Joao Pinto: "Re: [PATCH 2/2] add support for DWC UFS Host Controller"
In reply to: David Howells: "Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature"
Next in thread: David Woodhouse: "Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Juerg Haefliger <juerg.haefliger@xxxxxxx> wrote:

> This patch adds support for signing a kernel module with a raw
> detached PKCS#7 signature/message.
>
> The signature is not converted and is simply appended to the module so
> it needs to be in the right format. Using openssl, a valid signature can
> be generated like this:
> $ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \
> <key> -signer <x509> -outform der -out <raw sig>
>
> The resulting raw signature from the above command is (more or less)
> identical to the raw signature that sign-file itself can produce like
> this:
> $ scripts/sign-file -d <hash algo> <key> <x509> <module>

What's the usage case for this? Can it be done instead with openssl PKCS#11?

David

Next message: Miroslav Benes: "Re: [PATCH v4 1/4] modules: split part of complete_formation() into prepare_coming_module()"
Previous message: Joao Pinto: "Re: [PATCH 2/2] add support for DWC UFS Host Controller"
In reply to: David Howells: "Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature"
Next in thread: David Woodhouse: "Re: [PATCH v2] scripts/sign-file.c: Add support for signing with a raw signature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]