On Mon, Mar 27, 2017 at 01:54:44PM -0400, Eric McCorkle wrote: > Hello everyone, > > The following is a design proposal for signed kernel and kernel module > loading, both at boot- and runtime (with the possibility open for signed > executables and libraries if someone wanted to go that route). I'm > interested in feedback on the idea before I start actually writing code > for it. > > == Goals == > [snip] > > == Non-Goals == > [snip] > > == Existing Solution(s) == > [snip] > While functional, this design doesn't meet the goals I outlined: > [snip] > * Finally, the gnupg signature format doesn't actually seem to be > documented anywhere, or at least not anywhere that doesn't require a lot > of digging...
Erm, actually, the so-called "gnupg signature format", better known as "the OpenPGP signature format", is pretty well documented in RFC 4880. Note that this remark has no bearing on any of your other arguments, or on your work as a whole; I just wanted to clarify this particular point :) G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@freebsd.org p...@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
