Comments on the module-file format
Sean Mullan
Sean.Mullan at Sun.COM
Wed Feb 10 13:57:03 PST 2010
Mark Reinhold wrote:
>> The signature is a signature over all of the hashes in the module. It also may
>> contain other security attributes, such as the permissions needed by the
>> modules.
>
> Good point -- I hadn't thought about signing required permissions, but
> that is of course necessary.
Actually, they could also be contained outside of the signature as attributes of
the module, as long as they are protected by one of the module or section
hashes. However, if so, they should come in the header or near the beginning of
the module so that they can be validated against a policy before proceeding with
downloading the rest of the module.
>> - get the signature first
>> - validate the certificate chain
>> - verify the signature with the public key
>> - optionally, prompt user with security dialog
>> - get the module(s)
>> - verify the module/section hashes and check that they each match what is
>> inside the signature.
>
> Makes sense to me. Now we just need to fill in the details ...
Yes.
--Sean