Re: Should we automatically generate a module signing key at all?

From: David Woodhouse
Date: Tue May 19 2015 - 16:00:54 EST


On Tue, 2015-05-19 at 11:49 -0700, Andy Lutomirski wrote:
>
> If we use hashes instead of signatures on in-tree modules (at least in
> the case where no long-term key is provided), then generation of the
> temporary signing key stops being an issue because there is no longer
> a temporary signing key.

With signatures I can make a one-line change to a module and rebuild it,
and still load it without having to rebuild my vmlinux to 'permit' it.

My signing key is valid for as long as I *choose* it to be valid.

I appreciate why that's a problem in your scenario, but it's a valid and
useful feature of signatures, and I don't think we can just abandon it.

--
dwmw2

