Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1143476pxb; Wed, 10 Feb 2021 00:45:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJwHKPdBJymZuRH6Wbz475gMoUrxkcDDrb4aFOF3zZxTlaVK41B+/Nvpm+mxer4gB/VnzX42 X-Received: by 2002:a17:906:980b:: with SMTP id lm11mr1985682ejb.46.1612946753104; Wed, 10 Feb 2021 00:45:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612946753; cv=none; d=google.com; s=arc-20160816; b=yTAmcGDY9mR395R8iBhKtccCNMYQli1ydsxMVtaKcvW6rI09Xqr6t6n6scbAzkxZsg x6hW65XDHnTFdG5AxJjV9NZxzZ+AYjwYBVDyCWtSpOynxp2edciDlTlu1fbFWKlnQJ20 3GU/xoGfTwNrdcJhj3ty7xyTfstaKI+mv55Mdf+OSMUEAdYdqSwQE6A/EiYGeT1IlImp vi6kFLRWsa+tElPOMUdsoIdXyCr1/qX8fOQOSHiJzEK1rGHQ4eLu72xVepzUuLLnjLtu DwbCkvM6yhDoqBnRmDKnohVQveJFCXimT7Mx4ohHhsFxm1G2f9KKcX4HTfwnhHGgH5pJ +0nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date:dkim-signature; bh=YwvDu6oqROt+57TdiDoWh5hmU/4sN4z20+5LEuc/s2s=; b=qybKVZahx1cET/PcuV7sX7WpqT+8MwrXSTsko+xtTvSN5zeNXrZEjZk6xgba3oHbxA 4VtI0SE6NsoOFwRxrQuZesP85BKgni7PO03ufk6y9MCArYHiMV1ODJAWA+oy+TlECFMR OJCJQwU68L1hsqS7+kjmrQWWLqIRdwCTVR7ski2SSJJLCaRMWoJsIjeW4P4qhboyTCgK n5UN+LuvB7wE4H5frEvaWppxxjDzoVqZXESu32eZB1eLkA1Jv+1UfZKfrgt21ir+ne5t fNtFiymflEvysM8AB5MGK7hXvSBhsTkxRIQwzbSr0Zag/SKOzqkHnKUB6YCdo/18m6i0 gKkQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=v28vFuD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c4si953615edr.553.2021.02.10.00.45.29; Wed, 10 Feb 2021 00:45:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=v28vFuD3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233344AbhBJICp (ORCPT + 99 others); Wed, 10 Feb 2021 03:02:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233383AbhBJICl (ORCPT ); Wed, 10 Feb 2021 03:02:41 -0500 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D198C061756; Wed, 10 Feb 2021 00:02:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Message-ID:From:CC:To:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To: Date:Sender:Reply-To:Content-ID:Content-Description; bh=YwvDu6oqROt+57TdiDoWh5hmU/4sN4z20+5LEuc/s2s=; b=v28vFuD3GKtPjcZ1S4zq/pKgIn 6WOeUKnFlUOe3TSLrwe3QMtmr3WuTROXmKCYs4UzXyRbDV6M7t3XzfC3q6vQgaWEEKP1f2AEnuJ9H SXCwIkbiJ4ltBMTKEw44H0eVJHInTxp5GDRVhzwF96pWLOvk3Cn/miPQah2ShslEqn5LSFAw3H67Q OmGyt6jjntKi6z07AayxxIFW/MNsDA2DuHzXFjtIKAMQKdThYxYcqEJCb6qH6sFjet3eUFG0Dq9+d Yutzm/JSyvihGhQR/uslkl1ofDFIgvd8GqAGOruz3z2Xsqe6Gc7fTZEdbEDsvfb2w8O89q3i3oQMu ITi+bGpA==; Received: from [2001:8b0:10b:1:214c:2fae:9fc7:4b5c] by casper.infradead.org with esmtpsa (Exim 4.94 #2 (Red Hat Linux)) id 1l9kRG-008Y5W-EA; Wed, 10 Feb 2021 08:01:43 +0000 Date: Wed, 10 Feb 2021 08:01:30 +0000 User-Agent: K-9 Mail for Android In-Reply-To: <20210210074554.81100-1-songyang@linux.alibaba.com> References: <20210210074554.81100-1-songyang@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PATCH] sign-file: add openssl engine support To: Yang Song , dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org CC: zhang.jia@linux.alibaba.com, tianjia.zhang@linux.alibaba.com, songyang@linux.alibaba.com From: David Woodhouse Message-ID: X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10 February 2021 07:45:54 GMT, Yang Song wrote: >Use a customized signature service supported by openssl engine >to sign the kernel module=2E >Add command line parameters that support engine for sign-file >to use the customized openssl engine service to sign kernel modules=2E > >Signed-off-by: Yang Song Aren't engines already obsolete in the latest versions of OpenSSL, as well= as being an implementation detail of one particular crypto library? They a= ren't really a concept we should be exposing in *our* user interface=2E Better to make sign-file automatically recognise RFC7512 PKCS#11 URIs and = handle them by automatically loading the PKCS#11 engine=2E --=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E