Juerg Haefliger <juerg.haefli...@hpe.com> wrote: > This patch adds support for signing a kernel module with a raw > detached PKCS#7 signature/message. > > The signature is not converted and is simply appended to the module so > it needs to be in the right format. Using openssl, a valid signature can > be generated like this: > $ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \ > <key> -signer <x509> -outform der -out <raw sig> > > The resulting raw signature from the above command is (more or less) > identical to the raw signature that sign-file itself can produce like > this: > $ scripts/sign-file -d <hash algo> <key> <x509> <module>
What's the usage case for this? Can it be done instead with openssl PKCS#11? David
