| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Dec 2012 18:14:27 +0000 From: David Howells <dhowells@...hat.com> To: Rusty Russell <rusty@...tcorp.com.au> Cc: dhowells@...hat.com, Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-security-module@...r.kernel.org, Dmitry Kasatkin <dmitry.kasatkin@...el.com>, linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ibm.com> Subject: Re: [RFC][PATCH 1/2] modsig: add support to sign kernel modules using ephemeral keys Rusty Russell <rusty@...tcorp.com.au> wrote: > > +PHONY += _newmodpubkey_ > > +_newmodpubkey_: > > + @rm -f $(MODSECKEY) $(MODPUBKEY) > > + $(Q)$(MAKE) -W kernel/modsign_pubkey.o Please don't do this. It can muck up the dependencies as make thinks it has already done this file at this point. Also, rebuilding bzImage yet again wouldn't be the best. We already do it a number of times. Further, if vmlinux is already installed when you rebuild, you may confuse gdb if the debuginfo then no longer matches vmlinux. You have to expose the private key *anyway* - so how much does this actually gain you? Especially with a one-shot transient key. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists