Re: Should we automatically generate a module signing key at all?
From: David Woodhouse
Date: Mon May 18 2015 - 12:55:46 EST
On Mon, 2015-05-18 at 09:22 -0700, Linus Torvalds wrote:
> On Mon, May 18, 2015 at 9:19 AM, David Woodhouse <dwmw2@xxxxxxxxxxxxx
> > wrote:
> >
> > I prefer the other solution I suggested a few minutes ago â let
> > signing_key.{priv,x509} be autogenerated, and if the user wants to
> > provide their own then let them call it something else.
>
> Absolutely. And external keys probably shouldn't be in the build tree
> at all, they should be a pointer to outside the build tree (ie "I
> have my magic kernel key on the USB key that I mount at xyz").
I basically have that already working at
http://git.infradead.org/users/dwmw2/modsign-pkcs11-c.git
For an external key, I think I'm happy to insist that *both* cert and
key be present at $CONFIG_MODULE_SIG_KEY â it's either a PEM file with
both, or a PKCS#11 URI which identifies both. There doesn't seem to be
much point in allowing them to be in separate files.
I'm tempted to convert the autogenerated keys to do the same, so we
*always* extract signing_key.x509 from the 'key' file. But then again,
it (counter-intuitively) makes the dependencies non-trivial so I probably
won't.
I am moderately unhappy with the fact that CONFIG_MODULE_SIG_KEY being
equal to its default of 'signing_key.priv' is a special case meaning
'in-tree, autogenerated'. My first incarnation had an explicit boolean
variable for 'use an external key' but... randconfig would have broken.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation
Attachment:
smime.p7s
Description: S/MIME cryptographic signature