Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1945900AbbEVWSf (ORCPT ); Fri, 22 May 2015 18:18:35 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52209 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756959AbbEVWSc (ORCPT ); Fri, 22 May 2015 18:18:32 -0400 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <20150522141358.2581.qmail@ns.horizon.com> To: Linus Torvalds Cc: dhowells@redhat.com, Andy Lutomirski , George Spelvin , David Woodhouse , Linux Kernel Mailing List , LSM List , petkan@mip-labs.com, "Theodore Ts'o" , Mimi Zohar Subject: Re: Should we automatically generate a module signing key at all? MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <24794.1432333107.1@warthog.procyon.org.uk> Date: Fri, 22 May 2015 23:18:27 +0100 Message-ID: <24795.1432333107@warthog.procyon.org.uk> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 590 Lines: 15 Linus Torvalds wrote: > And yes, he would need the ability to insert his own public key in the > kernel image (he already has the ability to re-sign the modules, we > have the script for that in the kernel build tree). With UEFI he could also store his key there. We assume we can trust the keys there. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/