Re: RFC: sign the modules at install time

From: Rusty Russell
Date: Thu Oct 18 2012 - 00:42:35 EST

Next message: Zhi Yong Wu: "Re: [RFC v3 00/13] vfs: hot data tracking"
Previous message: Rusty Russell: "Re: RFC: sign the modules at install time"
In reply to: Linus Torvalds: "Re: RFC: sign the modules at install time"
Next in thread: Greg KH: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
> On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>>>
>>> One of the main sane use-cases for module signing is:
>>>
>>> - CONFIG_CHECK_SIGNATURE=y
>>> - randomly generated one-time key
>>> - "make modules_install; make install"
>>> - "make clean" to get rid of the keys.
>>> - reboot.
>>
>> I want that too, but right now 'make clean' leaves the keys around,
>> which seems a bit dangerous to me.
>
> Oh, yes, we should make sure the key file gets cleaned up at "make clean".

I left it at distclean, figuring the temporary key is a bit like the
.config. But it's trivial to change if people think that's unnatural.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zhi Yong Wu: "Re: [RFC v3 00/13] vfs: hot data tracking"
Previous message: Rusty Russell: "Re: RFC: sign the modules at install time"
In reply to: Linus Torvalds: "Re: RFC: sign the modules at install time"
Next in thread: Greg KH: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]