From: Rusty Russell <rusty@rustcorp.com.au>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Greg KH <gregkh@linuxfoundation.org>
Cc: David Howells <dhowells@redhat.com>,
David Miller <davem@davemloft.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
jwboyer@redhat.com, pjones@redhat.com
Subject: Re: RFC: sign the modules at install time
Date: Thu, 18 Oct 2012 15:04:26 +1030 [thread overview]
Message-ID: <877gqoo0tp.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CA+55aFxo-b3nUAWhG0N7hJkH1goStvBBTCT7XWGD+RJLG0=fsQ@mail.gmail.com>
Linus Torvalds <torvalds@linux-foundation.org> writes:
> On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
>>>
>>> One of the main sane use-cases for module signing is:
>>>
>>> - CONFIG_CHECK_SIGNATURE=y
>>> - randomly generated one-time key
>>> - "make modules_install; make install"
>>> - "make clean" to get rid of the keys.
>>> - reboot.
>>
>> I want that too, but right now 'make clean' leaves the keys around,
>> which seems a bit dangerous to me.
>
> Oh, yes, we should make sure the key file gets cleaned up at "make clean".
I left it at distclean, figuring the temporary key is a bit like the
.config. But it's trivial to change if people think that's unnatural.
Cheers,
Rusty.
next prev parent reply other threads:[~2012-10-18 4:42 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-17 20:36 RFC: sign the modules at install time Linus Torvalds
2012-10-17 22:19 ` David Howells
2012-10-17 22:44 ` Linus Torvalds
2012-10-18 0:54 ` Greg KH
2012-10-18 3:14 ` Linus Torvalds
2012-10-18 3:18 ` Linus Torvalds
2012-10-18 4:34 ` Rusty Russell [this message]
2012-10-18 17:16 ` Greg KH
2012-10-18 4:31 ` Rusty Russell
2012-10-18 12:11 ` Josh Boyer
2012-10-18 16:29 ` Linus Torvalds
2012-10-19 0:20 ` Rusty Russell
2012-10-19 11:21 ` David Howells
2012-10-21 23:51 ` Rusty Russell
2012-10-20 16:41 ` Romain Francoise
2012-10-20 16:47 ` Linus Torvalds
2012-10-17 22:26 ` Josh Boyer
2012-10-17 23:07 ` Linus Torvalds
2012-10-17 23:20 ` Josh Boyer
2012-10-17 23:25 ` Linus Torvalds
2012-10-17 23:44 ` Linus Torvalds
2012-10-18 0:06 ` Linus Torvalds
2012-10-17 23:21 ` Linus Torvalds
2012-10-18 0:13 ` Josh Boyer
2012-10-18 4:41 ` Rusty Russell
2012-10-18 1:17 ` Rusty Russell
2012-10-18 3:27 ` Linus Torvalds
2012-10-18 5:34 ` Rusty Russell
2012-10-18 18:46 ` Linus Torvalds
2012-10-18 19:58 ` Josh Boyer
2012-10-19 0:48 ` Rusty Russell
2012-10-19 11:44 ` Josh Boyer
2012-10-19 1:16 ` Rusty Russell
2012-10-19 11:49 ` Josh Boyer
2012-10-19 1:23 ` Rusty Russell
2012-10-19 3:21 ` Stephen Rothwell
2012-10-19 11:25 ` David Howells
2012-10-19 11:30 ` Stephen Rothwell
2012-10-19 11:40 ` Alexander Holler
2012-10-20 3:53 ` Rusty Russell
2012-10-19 19:58 ` Linus Torvalds
2012-10-19 22:04 ` Linus Torvalds
2012-10-22 0:28 ` Rusty Russell
-- strict thread matches above, loose matches on Subject: below --
2012-10-18 21:31 George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877gqoo0tp.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jwboyer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pjones@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.