On Tue, 2015-05-19 at 18:50 +0300, Petko Manolov wrote:
> On 15-05-19 15:45:58, David Woodhouse wrote:
> > We don't want this in the Kconfig since it might then get exposed in
> > /proc/config.gz. So make it a parameter to Kbuild instead. This also
> > means we don't have to jump through hoops to strip quotes from it, as
> > we would if it was a config option.
>
> If it were on a network-less, secure sign/build server I'd say it is OK.
>
> However, exposing your private key's password in an environment variable on a
> regular Linux box is a bit fishy.

I don't quite understand the objection. If you want the modules to be
signed with an external key of your choice, then for the duration of the
'make modules_sign' run (or 'make modules_install' if
CONFIG_MODULE_SIG_ALL=y) surely the password has to be available
*somehow*?

You are, of course, free to sign the modules by invoking sign-file
directly. In which case you *still* need to provide it with the password
for the key somehow, if there is one.

Mimi quite rightly pointed out that my original mechanism for this, a
CONFIG_MODULE_SIG_KEY_PASSWORD option, was inadvertently exposing it
more than was necessary. As it is now, you *only* need it in the
environment for the duration of the operations that actually *use* it.

Do you have a better suggestion?

--
David Woodhouse                            Open Source Technology Centre
[email protected]                              Intel Corporation

