On Mon, Jul 03, 2017 at 03:02:47PM -0700, Jethro Beekman wrote:
On 2017-07-03 10:42, Jarkko Sakkinen wrote:
> On Mon, Jul 03, 2017 at 08:39:41AM -0700, Jethro Beekman wrote:
> > On 2017-07-02 07:25, Jarkko Sakkinen wrote:
> > > + Provide the file name of a private key/certificate in PEM
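Review bot: "private key/certificate" in this help line does not say whether the file must hold a private key, a certificate, or both. Spell out exactly what the PEM file is expected to contain so the option's input is unambiguous.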
> > Why are you using a certificate? Just supplying a private key should be
> > enough.
> > Jethro Beekman | Fortanix
> Excellent question. Key management is the reason why I sent this before
> pushing the full implementation. My PoC uses RSA keys. I chose to
> use x.509 certificate here because that's what is used for module
Module signing is different, because the kernel is also expected to verify
signatures. This never happens for the LE.
Jethro Beekman | Fortanix

That is a valid point. I'll start with RSA keys and make a note to the
corresponding commit why we chose that route instead of x.509. The only
counterargument I could give would be that in some ways it would make
sense for kbuild to eat this type of data in the same format everywhere.

Thanks for your comments!