Re: RFC: sign the modules at install time

From: David Howells
Date: Fri Oct 19 2012 - 07:21:51 EST

Next message: David Howells: "Re: RFC: sign the modules at install time"
Previous message: Peter Zijlstra: "Re: [PATCH] Do not use cpu_to_node() to find an offlined cpu's node."
In reply to: Rusty Russell: "Re: RFC: sign the modules at install time"
Next in thread: Rusty Russell: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:

> > (Side note: I hope people realize that the random key is generated
> > with a 100-year lifespan. So if you build a kernel today, you do
> > potentially have a "year-2112 problem". I'm not horribly worried, but
> > I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
> > openssl doesn't do anything odd)
>
> Yep, David's original patch had that problem; he fixed the kernel's x509
> handling to use struct tm, not time_t, and now it Just Works.

That's assuming that 32-bit *openssl* gets it right when generating the key.
Trying it on my 32-bit laptop, I see:

154:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :21120925112014Z

so I guess it does.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "Re: RFC: sign the modules at install time"
Previous message: Peter Zijlstra: "Re: [PATCH] Do not use cpu_to_node() to find an offlined cpu's node."
In reply to: Rusty Russell: "Re: RFC: sign the modules at install time"
Next in thread: Rusty Russell: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]