| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54C2926E.1040700@ahsoftware.de> Date: Fri, 23 Jan 2015 19:26:54 +0100 From: Alexander Holler <holler@...oftware.de> To: Michal Marek <mmarek@...e.cz>, linux-kernel@...r.kernel.org CC: linux-kbuild@...r.kernel.org, David Howells <dhowells@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH] modsign: provide option to automatically delete the key after modules were installed Am 23.01.2015 um 13:34 schrieb Alexander Holler: > 4. With some scripting it should be possible to extract the public key > out of an existing binary kernel. So there is no real need to change the > already complicated build process which might make it even more > complicated. BTW: With "more complicated" I meant that it isn't just done with making modules_install depend on the private key. That would end up with the following when the public key exist but the private key doesn't: - kernel is build including the public key - private key (and thus the public key) will be generated newly - modules will be installed using a key the kernel doesn't know about So the solution to just delete both keys looks for me still like the most easy and thus preferable way to implement that feature with just a few line of changes. Regards, Alexander Holler -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists