Re: kernel module loading vs securelevel

To: tech-kern%netbsd.org@localhost
Subject: Re: kernel module loading vs securelevel
From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
Date: Mon, 18 Oct 2010 12:06:32 -0400

On Mon, 18 Oct 2010 14:51:03 +0200
Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost> wrote:

> *lurker mode off*
> IIRC, part of agc work with netpgp is to integrate signature verification
> within kernel.
> *lurker mode on*

Thanks, that's nice to know, I didn't look at netpgp yet but might
eventually check if its RSA implementation (if any) can eventually be
worked into common/lib/libc/rsa, which would be a major step forward to
allow the kernel to verify signatures.

I started writing a task list to have an idea of what needs to be done,
and it's not trivial
(http://cvs.pulsar-zone.net/cgi-bin/cvsweb.cgi/mmondor/netbsd/signed_modules.txt?rev=1.5;content-type=text%2Fplain).
I might give an implementation a try during my next vacations, but no
timeline or guarantee (disclaimer!).  Motivation is also a factor as my
current (very simple) solution to the various MODULAR issues I've faced
(mostly maintenance related) has been so far to use monolithic kernels.
-- 
Matt

References:
- Re: kernel module loading vs securelevel
  - From: David Holland
- Re: kernel module loading vs securelevel
  - From: Izumi Tsutsui
- Re: kernel module loading vs securelevel
  - From: Masao Uebayashi
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Matthew Mondor
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Jean-Yves Migeon

Prev by Date: Re: kernel module loading vs securelevel
Next by Date: Re: kernel module loading vs securelevel
Previous by Thread: Re: kernel module loading vs securelevel
Next by Thread: Re: kernel module loading vs securelevel
Indexes:

Home | Main Index | Thread Index | Old Index