Re: crypto api initialized late
From: Valdis . Kletnieks
Date: Mon May 16 2005 - 15:26:41 EST
On Mon, 16 May 2005 15:15:22 EDT, Reiner Sailer said:
>
> I am writing a Linux Security Module that needs SHA1 support very early in
> the kernel startup (before any fs are mounted,modules are loaded, or
> files are mapped; including initrd). Therefore, I use the __initcall
> to initialize the security module. SHA1 can currently be used only
> through the crypto-api (static definitions and hidden context structure).
>
> This crypto-API, however, initializes AFTER the security module
> code in the __initicall block. Currently, I use the following patch into
> the main Linux Makefile to start up the crypto-API earlier:
I hit the same problem trying to add sysctl's from inside the LSM. What I
ended up doing was letting the security_initcall() set up the *other* stuff I
needed, and then had a regular initcall() that ended up called after sysctl was
initialized, but before we went to userspace. I'm pretty sure that all the
initcall chails get run before we mount the initrd and all that.
Attachment:
pgp00000.pgp
Description: PGP signature