On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote: > > Would it be useful to use digital signatures with kernel modules and > have the user decide which signatures are "trusted" (including the > options of accepting any or unsigned modules [all])? Is it infeasible, > too hard or not very secure to do this?
No pubkey support in the software kernel crypto provider. Given that, it's just a SMOMP, where the "M" for "more programming" in this case means "parsing horrible X.509 datastructures and making complex policy decisions in-kernel". Thor
