From: Roberto Sassu
Sent: Tuesday, January 18, 2022 3:36 PM

Hi everyone
I recently sent to the kernel mailing lists a patch set to support PGP keys and signatures.
Other than allowing the appraisal of RPM headers without changes to the building infrastructure, it would also simplify key management for the use cases requiring file or fsverity signatures (no need for a secondary key).
This is the link to the patch set:
https://lore.kernel.org/linux-integrity/20220111180318.591029-1-roberto.sassu@huawei.com/
One point of the discussion was whether there is a need to support PGP in the kernel, or whether a distribution should adapt its key management to be compatible with the key types currently available in the kernel.
I have a question related to this. Is the private key used to sign kernel modules available also when other packages are built?
Thanks
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Zhong Ronghua
It would be great if you could comment on this patch set, from the perspective of people managing a Linux distribution. Also, any thoughts related to the patch set would be appreciated.
Thanks
Roberto