Re: [PATCH] MODSIGN: Change default key details [ver #2]

From: David Woodhouse
Date: Mon May 18 2015 - 12:07:49 EST

Next message: Dan Carpenter: "Re: [PATCH v2] staging: rtl8712: Use ether_addr_copy() instead of memcpy()"
Previous message: Sebastian Hesselbarth: "Re: [PATCH v5 3/3] ARM: berlin: add an ADC node for the BG2Q"
In reply to: David Howells: "Re: [PATCH] MODSIGN: Change default key details [ver #2]"
Next in thread: David Howells: "Re: [PATCH] MODSIGN: Change default key details [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2015-05-07 at 14:15 +0200, Michal Marek wrote:
> > I like
> > Linus's use of the filechk macro on the second - but we shouldn't overwrite
> > keys someone has manually placed in the tree if the key generation template
> > changes due to git pull altering kernel/Makefile.
>
> That's the problem with allowing a file to be either user-supplied or
> generated. We can use separate files for the user-supplied/generated
> cases like below and solve this for good.

Alternatively, we could declare that signing_key.priv/signing_key.x509
are *always* auto-generated. If the user wants to use a pregenerated
key of their own then they can use CONFIG_MODULE_SIG_KEYÂ for that.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel CorporationÂ http://git.infradead.org/users/dwmw2/modsign-pkcs11-c.git/commitdiff/3d69ae738

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Dan Carpenter: "Re: [PATCH v2] staging: rtl8712: Use ether_addr_copy() instead of memcpy()"
Previous message: Sebastian Hesselbarth: "Re: [PATCH v5 3/3] ARM: berlin: add an ADC node for the BG2Q"
In reply to: David Howells: "Re: [PATCH] MODSIGN: Change default key details [ver #2]"
Next in thread: David Howells: "Re: [PATCH] MODSIGN: Change default key details [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]