On Wed, Jan 19, 2022 at 11:34:28AM +0000, Roberto Sassu via devel wrote: > > From: Roberto Sassu > > Sent: Tuesday, January 18, 2022 3:36 PM > > Hi everyone > > > > I recently sent to the kernel mailing lists a patch set to support > > PGP keys and signatures. > > > > Other than allowing the appraisal of RPM headers without > > changes to the building infrastructure, it would also simplify > > key management for the use cases requiring file or fsverity > > signatures (no need for a secondary key). > > > > This is the link of the patch set: > > > > https://lore.kernel.org/linux-integrity/20220111180318.591029-1- > > roberto.sa...@huawei.com/ > > > > One point of the discussion was if there is the need to support > > PGP in the kernel, or if a distribution should adapt its key > > management to be compatible with key types currently available > > in the kernel. > > I have a question related to this. Is the private key used to sign > kernel modules available also when other packages are built?
Nope. My understanding is that this is only available during that kernel build and then disguarded. (But you could perhaps ask on fedora's kernel list about it for more info). kevin
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
