| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Aug 2012 16:33:00 +0200
From: Michal Marek <mmarek@...e.cz>
To: David Howells <dhowells@...hat.com>
Cc: rusty@...tcorp.com.au, dmitry.kasatkin@...el.com,
zohar@...ux.vnet.ibm.com, jmorris@...ei.org,
keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 20/25] MODSIGN: Provide module signing public keys to
the kernel
On 16.8.2012 03:37, David Howells wrote:
> +asm(".section .init.data,\"aw\"\n"
> + "modsign_public_keys:\n"
> + ".incbin \"modsign.pub\"\n"
> + "modsign_public_keys_end:"
> + );
> +
> +/*
> + * We need to make sure ccache doesn't cache the .o file as it doesn't notice
> + * if modsign.pub changes.
> + */
> +static __initdata const char annoy_ccache[] = __TIME__ "foo";
This results in a different object file after each build, even if
modsign.pub is the same :(. How about generating a modsign-hash.c with
the following content
static __initdata const char annoy_ccache[] = "<some checksum of
modsign.pub, or the key fingerprint>";
and including it in modsign-pubkey.c with the preprocessor? When
changing the public key, modsign.hash.c would change as well and ccache
would notice it. But when doing a rebuild from the same source with the
same public key, the resulting object file would not change.
Thanks,
Michal
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists