On Mon, 2015-05-18 at 09:22 -0700, Linus Torvalds wrote: > On Mon, May 18, 2015 at 9:19 AM, David Woodhouse <[email protected] > > wrote: > > > > I prefer the other solution I suggested a few minutes ago — let > > signing_key.{priv,x509} be autogenerated, and if the user wants to > > provide their own then let them call it something else. > > Absolutely. And external keys probably shouldn't be in the build tree > at all, they should be a pointer to outside the build tree (ie "I > have my magic kernel key on the USB key that I mount at xyz").
I basically have that already working at http://git.infradead.org/users/dwmw2/modsign-pkcs11-c.git For an external key, I think I'm happy to insist that *both* cert and key be present at $CONFIG_MODULE_SIG_KEY — it's either a PEM file with both, or a PKCS#11 URI which identifies both. There doesn't seem to be much point in allowing them to be in separate files. I'm tempted to convert the autogenerated keys to do the same, so we *always* extract signing_key.x509 from the 'key' file. But then again, it (counter-intuitively) makes the dependencies non-trivial so I probably won't. I am moderately unhappy with the fact that CONFIG_MODULE_SIG_KEY being equal to its default of 'signing_key.priv' is a special case meaning 'in-tree, autogenerated'. My first incarnation had an explicit boolean variable for 'use an external key' but... randconfig would have broken. -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
