[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 05 May 2015 18:44:28 -0400
From: Abelardo Ricart III <aricart@...nix.com>
To: David Howells <dhowells@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Michal Marek <mmarek@...e.cz>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LSM List <linux-security-module@...r.kernel.org>,
Rusty Russell <rusty@...tcorp.com.au>, keyrings@...ux-nfs.org,
James Morris <james.l.morris@...cle.com>,
Sedat Dilek <sedat.dilek@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] MODSIGN: Change default key details [ver #2]
On Tue, 2015-05-05 at 15:34 +0100, David Howells wrote:
> Abelardo Ricart III <aricart@...nix.com> wrote:
>
> > Here's a (barely tested) patch to show what I mean with the config option.
> > The
> > default case is to always generate a new key at build
> > (MODULE_SIG_BUILDGEN=y)
> > and fallback on generating keys during build only if one doesn't exist
> > (MODULE_SIG_BUILDGEN=n).
>
> Does it cope with randconfig?
>
> David
Well it would only depend on MODULE_SIG, and switching it on and off again
would do exactly what it says it's going to do: either regenerate the signing
keys every time, or don't if they already exist.
I would have to actually change the logic slightly so it works strictly as
intended though. So no, this isn't merge-able at all.
I was more wondering if implementing something to this effect would be okay, so
we can strictly define the behavior at build time (no surprises).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists