Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed

From: David Howells
Date: Fri Jan 23 2015 - 07:56:29 EST


Alexander Holler <holler@xxxxxxxxxxxxx> wrote:

> 1. I have no idea about how distro maintainers do handle their private and
> public keys used to sign modules.

In Fedora and RHEL, at least, we use a one-off on-the-fly generated transient
key for each rpm build.

When a kernel is built by rpmbuild, the source directory is generated afresh
and a new key created each time. In the build farms, the kernel build tree is
simply erased, private key and all, at the conclusion of the build.

We make no effort to retain the transient private key as (1) it would require
special handling for kernel builds to avoid leaking it, (2) it might impact
non-buildfarm builds, and (3) it's more secure that no one has the private
key.

One thing that you have to be careful of with your patch is that if you turn
it on during development, this will drain the entropy pool from which you get
random numbers.

David