On Tue, 2013-10-22 at 20:07 +0800, Herbert Xu wrote:
> On Tue, Oct 22, 2013 at 12:57:02PM +0100, Dmitry Kasatkin wrote:
> > On Tue, Oct 22, 2013 at 12:32 PM, Herbert Xu
> > <herb...@gondor.apana.org.au> wrote:
> > > On Tue, Oct 22, 2013 at 12:29:56PM +0100, Dmitry Kasatkin wrote:
> > >>
> > >> We are not adding user-space interface.
> > >> We just need to algo definitions which are in sync between user space,
> > >> IMA/EVM and kernel module signing.
> > >> Module signing perl script uses hard coded values. We want to improve
> > >> it export them to user space.
> > >>
> > >> But please give us a hint, what crypto user-space API helps for us?
> > >
> > > OK, if you're not exporting the kernel asymmetric key code then
> > > that's fine.
> >
> > Can we take this to mean acked-by you?
>
> FWIW I'm against introducing new interfaces using integer IDs
> for crypto algorithms. Especially if such an interface is exposed
> to user-space.
>
> You said that you're not currently using this as a kernel/user-space
> interface, which I can live with grudgingly.
> However, the fact that you've placed this file in uapi leads me to
> believe that at some future point in time there will be some sort
> of kernel/user-space interface using this. Why else would they need
> to be in sync?

Files, including kernel modules, are already signed in userspace and
verified by the kernel. So they already need to be in sync.

Up to now, IMA was limited to a 20 byte digest. This patch set adds
support in IMA for larger digests.

thanks,

Mimi