| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFxo-b3nUAWhG0N7hJkH1goStvBBTCT7XWGD+RJLG0=fsQ@mail.gmail.com>
Date: Wed, 17 Oct 2012 20:14:31 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: David Howells <dhowells@...hat.com>,
David Miller <davem@...emloft.net>,
Rusty Russell <rusty@...tcorp.com.au>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
jwboyer@...hat.com, pjones@...hat.com
Subject: Re: RFC: sign the modules at install time
On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
>>
>> One of the main sane use-cases for module signing is:
>>
>> - CONFIG_CHECK_SIGNATURE=y
>> - randomly generated one-time key
>> - "make modules_install; make install"
>> - "make clean" to get rid of the keys.
>> - reboot.
>
> I want that too, but right now 'make clean' leaves the keys around,
> which seems a bit dangerous to me.
Oh, yes, we should make sure the key file gets cleaned up at "make clean".
I have to admit that I never do the whole "make clean/distclean" any
more, I have gotten so used to just going
git clean -dqfx
to get rid of all generated files in a git directory that I no longer
depend on the makefile getting it right for me.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists