| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Oct 2012 09:47:43 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Romain Francoise <romain@...bokech.com>
Cc: Josh Boyer <jwboyer@...hat.com>,
Rusty Russell <rusty@...tcorp.com.au>,
David Howells <dhowells@...hat.com>,
David Miller <davem@...emloft.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
pjones@...hat.com
Subject: Re: RFC: sign the modules at install time
On Sat, Oct 20, 2012 at 9:41 AM, Romain Francoise <romain@...bokech.com> wrote:
>
> Yes, however the key generation itself is horribly verbose and doesn't mix
> very well with the output of a parallel build. Now that the modules are
> signed at install time, presumably the key should be generated then as
> well, and the output cleaned up to look like normal Kbuild messages (with
> support for V=1 for the curious).
No, the key needs to be built before the kernel is built, since the
public part (for verification) needs to be built into the kernel (and
we don't want to make "make install" complicated).
Making it less verbose is clearly an option, though. Right now I like
seeing it just to see when the key gets recreated and so people are
aware of it, but the excitement of that will certainly pall quickly
enough ;)
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists