Re: RFC: sign the modules at install time

From: Rusty Russell
Date: Sun Oct 21 2012 - 21:25:24 EST

Next message: Rusty Russell: "Re: RFC: sign the modules at install time"
Previous message: Rusty Russell: "Re: [PATCH] MODSIGN: Move the magic string to the end of a module and eliminate the search"
In reply to: David Howells: "Re: RFC: sign the modules at install time"
Next in thread: Romain Francoise: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Howells <dhowells@xxxxxxxxxx> writes:
> Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
>
>> > (Side note: I hope people realize that the random key is generated
>> > with a 100-year lifespan. So if you build a kernel today, you do
>> > potentially have a "year-2112 problem". I'm not horribly worried, but
>> > I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
>> > openssl doesn't do anything odd)
>>
>> Yep, David's original patch had that problem; he fixed the kernel's x509
>> handling to use struct tm, not time_t, and now it Just Works.
>
> That's assuming that 32-bit *openssl* gets it right when generating the key.

Yes, I am assuming that. What openssl did you think I ran on my 32-bit
kernel? :)

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: RFC: sign the modules at install time"
Previous message: Rusty Russell: "Re: [PATCH] MODSIGN: Move the magic string to the end of a module and eliminate the search"
In reply to: David Howells: "Re: RFC: sign the modules at install time"
Next in thread: Romain Francoise: "Re: RFC: sign the modules at install time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]