On Tue, 2012-12-04 at 18:14 +0000, David Howells wrote:
> Rusty Russell <[email protected]> wrote:
>
> > > +PHONY += _newmodpubkey_ > > > +_newmodpubkey_: > > > + @rm -f $(MODSECKEY) $(MODPUBKEY) > > > + $(Q)$(MAKE) -W kernel/modsign_pubkey.o
>
> Please don't do this. It can muck up the dependencies as make thinks it has
> already done this file at this point. Also, rebuilding bzImage yet again
> wouldn't be the best. We already do it a number of times. Further, if
> vmlinux is already installed when you rebuild, you may confuse gdb if the
> debuginfo then no longer matches vmlinux.
>
> You have to expose the private key *anyway* - so how much does this actually
> gain you? Especially with a one-shot transient key.

The issue is creating a new keypair is tied to modsign_pubkey. This patch
forces the creation of a new keypair, by removing the existing one, compiles
modsign_pubkey.o, and rebuilds the bzImage, and only then signs the kernel
modules and removes the private key. The benefits of defining a separate
target to generate a keypair are described in the patch description.

Mimi
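
Review bot: the `@rm -f $(MODSECKEY) $(MODPUBKEY)` line in `_newmodpubkey_` deletes whatever keypair is present with no guard, and the leading `@` hides the command even in a verbose build, so a signing key that was placed there deliberately is discarded without a trace in the build log. Prefix it with `$(Q)` like the line below it so that V=1 shows the removal, and state in a comment on the target that any existing key is thrown away. The following `$(Q)$(MAKE) -W kernel/modsign_pubkey.o` names no goal, so the sub-make runs the default goal with that object treated as newly modified; naming the intended goal explicitly would make the scope of the rebuild clear to the reader.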

