On 03/10/14 15:49, Dmitry Kasatkin wrote: > On 03/10/14 15:46, David Howells wrote: >> Dmitry Kasatkin <d.kasat...@samsung.com> wrote: >> >>> Latest KEYS code change the way keys identified and module >>> signing keys are not searchable anymore with original id. >>> >>> This patch fixes this problem without change module signature >>> data. >> This isn't sufficient. The key search must also include the signer. >> > IMA uses "id:<id>" partial matching.. There is no signer in the signature. > It is added as "last resort" > > It is here... the same but I renamed with finger print.. > > http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/commit/?h=keys-fixes&id=f036bb9a4c1b3c548f315226d3284e6a91d284e7 > > - Dmitry > >
For module actually I made it as a fix because it was broken. Other requires changes in module signature format... - Dmitry >> David >> -- >> To unsubscribe from this list: send the line "unsubscribe >> linux-security-module" in >> the body of a message to majord...@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
