Mimi Zohar <zo...@linux.vnet.ibm.com> writes: > On Wed, 2012-09-05 at 09:59 +0930, Rusty Russell wrote: >> "Kasatkin, Dmitry" <dmitry.kasat...@intel.com> writes: >> > Hi, >> > >> > Please read bellow... >> > >> > On Tue, Sep 4, 2012 at 8:55 AM, Rusty Russell <ru...@rustcorp.com.au> >> > wrote: >> >> OK, I took a look at the module.c parts of David and Dmitry's patchsets, >> >> and didn't really like either, but I stole parts of David's to make >> >> this. >> >> >> >> So, here's the module.c part of module signing. I hope you two got time >> >> to discuss the signature format details? Mimi suggested a scheme where >> >> the private key would never be saved on disk (even temporarily), but I >> >> didn't see patches. Frankly it's something we can do later; let's aim >> >> at getting the format right for the next merge window. >> > >> > In our patches key is stored on the disc in encrypted format... >> >> Oh, I missed that twist. Thanks for the explanation. >> >> On consideration, I prefer signing to be the final part of the "modules" >> target rather than modules_install. I run the latter as root, and that >> is wrong for doing any code generation. > > Agreed, but keep in mind that 'modules_install' could subsequently strip > the module.
That had better be part of your signing step then! Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/