Module signing and post-quantum crypto public key algorithms

[David Howells]

Ignat Korchagin <ignat at cloudflare.com> wrote:

> > The not so good news, as I understand it, though, is that the X.509 bits are
> > not yet standardised.
> 
> Does it matter from a kernel perspective? As far as I remember we just
> attach the "plain" signature to binary. Or is it about provisioning
> the key through the keystore?

PKCS#7 is used for the signatures and X.509 is used to provide the public
keys.

David