Re: [GIT PULL] Crypto keys and module signing

From: Arjan van de Ven
Date: Fri Dec 09 2011 - 13:18:12 EST


On 12/9/2011 10:06 AM, David Howells wrote:
> James Morris <jmorris@xxxxxxxxx> wrote:
>
>> Is there any reason not to sign and verify kernel modules by default?
>
> If you don't have an entropy source, your build can hang if it's waiting for
> gpg to generate a key. You need to run rngd to get around this.

... the temp key can use /dev/urandom.
seriously, /dev/urandom for one time, temp keys is not bad
(if you care about the difference, you better provide your own real key)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/