Re: [PATCH 10/8] modsign: Allow password to be specified for signing key

From: Petko Manolov
Date: Tue May 19 2015 - 12:30:15 EST


On 15-05-19 15:45:58, David Woodhouse wrote:
> We don't want this in the Kconfig since it might then get exposed in
> /proc/config.gz. So make it a parameter to Kbuild instead. This also
> means we don't have to jump through hoops to strip quotes from it, as
> we would if it was a config option.

If it were on a network-less, secure sign/build server I'd say it is OK.

However, exposing your private key's password in an environment variable on a
regular Linux box is a bit fishy.


cheers,
Petko