scripts/sign-file.c: Add support for signing with a raw signature
This patch adds support for signing a kernel module with a raw detached PKCS#7 signature/message. The signature is not converted and is simply appended to the module so it needs to be in the right format. Using openssl, a valid signature can be generated like this: $ openssl smime -sign -nocerts -noattr -binary -in <module> -inkey \ <key> -signer <x509> -outform der -out <raw sig> The resulting raw signature from the above command is (more or less) identical to the raw signature that sign-file itself can produce like this: $ scripts/sign-file -d <hash algo> <key> <x509> <module> Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com> Signed-off-by: David Howells <dhowells@redhat.com>
Showing
Please register or sign in to comment