tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kernel module loading vs securelevel
On Mon, 18 Oct 2010 14:51:03 +0200
Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost> wrote:
> *lurker mode off*
> IIRC, part of agc work with netpgp is to integrate signature verification
> within kernel.
> *lurker mode on*
Thanks, that's nice to know, I didn't look at netpgp yet but might
eventually check if its RSA implementation (if any) can eventually be
worked into common/lib/libc/rsa, which would be a major step forward to
allow the kernel to verify signatures.
I started writing a task list to have an idea of what needs to be done,
and it's not trivial
(http://cvs.pulsar-zone.net/cgi-bin/cvsweb.cgi/mmondor/netbsd/signed_modules.txt?rev=1.5;content-type=text%2Fplain).
I might give an implementation a try during my next vacations, but no
timeline or guarantee (disclaimer!). Motivation is also a factor as my
current (very simple) solution to the various MODULAR issues I've faced
(mostly maintenance related) has been so far to use monolithic kernels.
--
Matt
Home |
Main Index |
Thread Index |
Old Index