file system signatures and trust model, was Re: Ubuntu Core: how the file-system works
George Gross
gmgross at shoreham.net
Fri Jan 20 14:43:37 UTC 2017
Hi,

at the risk of wading into the weeds, you mentioned below that:

"...it also has the advantage that the core and kernel snaps are signed
readonly squashfses and can not just be modified which adds a great
amount of extra security."

Is there a Wiki or document explaining the signature private key's life
cycle management? For example, what process happens when the key expires
or is compromised? Who is the entity that actually *signs* the file
system?

If you built a custom kernel and/or device drivers, how would your
binaries interact with this file system signature's verification? Can
you substitute your own software factory/store's signature?

If you operate your own private CA and sign some file objects within the
snap, does that CA need to be cross-certified with the trust anchor CA
that is vouching for the identity applying the core/kernel file system
signature?

tia,
George

On Fri, 2017-01-20 at 15:14 +0100, Oliver Grawert wrote:
<snipped for brevity>