From: James Morris
Subject: Re: [RFC v1.1 3/5] evm: digital signature support
Date: Tue, 16 Aug 2011 11:03:58 +1000 (EST)
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: linux-security-module@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com
To: Dmitry Kasatkin
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

On Thu, 11 Aug 2011, Dmitry Kasatkin wrote:

> From: Dmitry Kasatkin
>
> When building an image, which has to be flashed to different devices,
> an HMAC cannot be used to sign file metadata, as the HMAC key is different
> on every device. File metadata can be protected using digital signature.
> This patch enables RSA signature based integrity verification.

This description (also the kconfig text) is not very clear. Perhaps start
with what the feature does rather than what the lack of it doesn't.

--
James Morris