Re: RFC: sign the modules at install time

From: Linus Torvalds
Date: Sat Oct 20 2012 - 12:48:01 EST


On Sat, Oct 20, 2012 at 9:41 AM, Romain Francoise <romain@xxxxxxxxxxxxx> wrote:
>
> Yes, however the key generation itself is horribly verbose and doesn't mix
> very well with the output of a parallel build. Now that the modules are
> signed at install time, presumably the key should be generated then as
> well, and the output cleaned up to look like normal Kbuild messages (with
> support for V=1 for the curious).

No, the key needs to be built before the kernel is built, since the
public part (for verification) needs to be built into the kernel (and
we don't want to make "make install" complicated).

Making it less verbose is clearly an option, though. Right now I like
seeing it just to see when the key gets recreated and so people are
aware of it, but the excitement of that will certainly pall quickly
enough ;)

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/