Date: Mon, 18 May 2015 09:22:14 -0700
Subject: Re: Should we automatically generate a module signing key at all?
From: Linus Torvalds
To: David Woodhouse
Cc: David Howells, Michal Marek, Abelardo Ricart III, Linux Kernel Mailing List, Sedat Dilek, keyrings@linux-nfs.org, Rusty Russell, LSM List
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 18, 2015 at 9:19 AM, David Woodhouse wrote:
>
> I prefer the other solution I suggested a few minutes ago — let
> signing_key.{priv,x509} be autogenerated, and if the user wants to
> provide their own then let them call it something else.

Absolutely.

And external keys probably shouldn't be in the build tree at all, they
should be a pointer to outside the build tree (ie "I have my magic
kernel key on the USB key that I mount at xyz").

Linus