Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757551AbbEVWVx (ORCPT ); Fri, 22 May 2015 18:21:53 -0400 Received: from mail-ig0-f170.google.com ([209.85.213.170]:34260 "EHLO mail-ig0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757344AbbEVWVw (ORCPT ); Fri, 22 May 2015 18:21:52 -0400 MIME-Version: 1.0 In-Reply-To: <24795.1432333107@warthog.procyon.org.uk> References: <20150522141358.2581.qmail@ns.horizon.com> <24795.1432333107@warthog.procyon.org.uk> Date: Fri, 22 May 2015 15:21:51 -0700 X-Google-Sender-Auth: tL4iSe8oMCaTq_OMx1r2CdEZJ3E Message-ID: Subject: Re: Should we automatically generate a module signing key at all? From: Linus Torvalds To: David Howells Cc: Andy Lutomirski , George Spelvin , David Woodhouse , Linux Kernel Mailing List , LSM List , petkan@mip-labs.com, "Theodore Ts'o" , Mimi Zohar Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 570 Lines: 14 On Fri, May 22, 2015 at 3:18 PM, David Howells wrote: > > With UEFI he could also store his key there. We assume we can trust the keys > there. We assume no such thing. The normal situation is that people are *not* supposed to touch any keys in UEFI, for all the usual reasons. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/