From: Rusty Russell
To: Linus Torvalds, Greg KH
Cc: David Howells, David Miller, Linux Kernel Mailing List, jwboyer@redhat.com, pjones@redhat.com
Subject: Re: RFC: sign the modules at install time
References: <3179.1350512382@warthog.procyon.org.uk> <20121018005432.GA20163@kroah.com>
Date: Thu, 18 Oct 2012 15:04:26 +1030
Message-ID: <877gqoo0tp.fsf@rustcorp.com.au>

Linus Torvalds writes:
> On Wed, Oct 17, 2012 at 5:54 PM, Greg KH wrote:
>>>
>>> One of the main sane use-cases for module signing is:
>>>
>>>  - CONFIG_CHECK_SIGNATURE=y
>>>  - randomly generated one-time key
>>>  - "make modules_install; make install"
>>>  - "make clean" to get rid of the keys.
>>>  - reboot.
>>
>> I want that too, but right now 'make clean' leaves the keys around,
>> which seems a bit dangerous to me.
>
> Oh, yes, we should make sure the key file gets cleaned up at "make clean".

I left it at distclean, figuring the temporary key is a bit like the
.config.

But it's trivial to change if people think that's unnatural.

Cheers,
Rusty.