Skip to content
Commit e5a2e3c8 authored by Juerg Haefliger's avatar Juerg Haefliger Committed by David Howells
Browse files

scripts/sign-file.c: Add support for signing with a raw signature



This patch adds support for signing a kernel module with a raw
detached PKCS#7 signature/message.

The signature is not converted and is simply appended to the module so
it needs to be in the right format. Using openssl, a valid signature can
be generated like this:
  $ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \
    <key> -signer <x509> -outform der -out <raw sig>

The resulting raw signature from the above command is (more or less)
identical to the raw signature that sign-file itself can produce like
this:
  $ scripts/sign-file -d <hash algo> <key> <x509> <module>

Signed-off-by: default avatarJuerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent a1f2bdf3
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment