Re: RFC: sign the modules at install time
From: Rusty Russell
Date: Thu Oct 18 2012 - 00:42:35 EST
Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
> On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>>> One of the main sane use-cases for module signing is:
>>> - CONFIG_CHECK_SIGNATURE=y
>>> - randomly generated one-time key
>>> - "make modules_install; make install"
>>> - "make clean" to get rid of the keys.
>>> - reboot.
>> I want that too, but right now 'make clean' leaves the keys around,
>> which seems a bit dangerous to me.
> Oh, yes, we should make sure the key file gets cleaned up at "make clean".
I left it at distclean, figuring the temporary key is a bit like the
.config. But it's trivial to change if people think that's unnatural.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/