Re: RFC: sign the modules at install time

From: Rusty Russell
Date: Sun Oct 21 2012 - 21:25:24 EST

David Howells <dhowells@xxxxxxxxxx> writes:
> Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
>> > (Side note: I hope people realize that the random key is generated
>> > with a 100-year lifespan. So if you build a kernel today, you do
>> > potentially have a "year-2112 problem". I'm not horribly worried, but
>> > I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
>> > openssl doesn't do anything odd)
>> Yep, David's original patch had that problem; he fixed the kernel's x509
>> handling to use struct tm, not time_t, and now it Just Works.
> That's assuming that 32-bit *openssl* gets it right when generating the key.

Yes, I am assuming that. What openssl did you think I ran on my 32-bit
kernel? :)

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at