Re: Should we automatically generate a module signing key at all?

From: Linus Torvalds
Date: Thu May 21 2015 - 20:03:11 EST


On Thu, May 21, 2015 at 4:54 PM, George Spelvin <linux@xxxxxxxxxxx> wrote:
>
> The annoying thing is that it's a two-pass process: the kernel has to
> have the hashes of ALL of the modules to generate the sibling hashes
> for ANY of them.

It's also very annoying because the whole build gets much nastier,
particularly if you want to have modules in external trees.

In short, I don't see any actual *advantages* over just using signed
modules. Signing is much more flexible, and thanks to that extra
indirection (the signing key), there are no ordering constraints on
generating modules vs the kernel.

I realize that people have political objections to signing, but it's
the better technology, for chissake!

Linus
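
The ordering constraint discussed in this message, as an added example that is not part of the original e-mail or of the kernel's code: a kernel that embeds module hashes must be built after every module, while a kernel that embeds only a public key accepts modules built later. The type and function names, the flat hash list (standing in for the sibling-hash tree) and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// HashKernel models a kernel image that embeds the digest of every module
// known at kernel build time (flat list; a hash tree has the same ordering).
type HashKernel struct{ allowed map[[32]byte]bool }

// BuildHashKernel is the second pass: it needs ALL module bytes first.
func BuildHashKernel(modules ...[]byte) HashKernel {
	k := HashKernel{allowed: map[[32]byte]bool{}}
	for _, m := range modules {
		k.allowed[sha256.Sum256(m)] = true
	}
	return k
}

func (k HashKernel) Load(module []byte) bool { return k.allowed[sha256.Sum256(module)] }

// SigKernel models a kernel image that embeds only the public signing key.
type SigKernel struct{ pub ed25519.PublicKey }

func (k SigKernel) Load(module, sig []byte) bool { return ed25519.Verify(k.pub, module, sig) }

// Demo finalizes both kernels, then builds an out-of-tree module afterwards.
// Returns: in-tree via hash, late via hash, late via signature, tampered via signature.
func Demo() (bool, bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	inTree := []byte("constructed module: in-tree.ko")
	hk := BuildHashKernel(inTree) // hash kernel is finalized here
	sk := SigKernel{pub: pub}     // signature kernel is finalized here

	late := []byte("constructed module: external-tree.ko") // built after the kernel
	sig := ed25519.Sign(priv, late)
	tampered := append([]byte{}, late...)
	tampered[0] ^= 1 // flip one bit; the old signature must no longer verify
	return hk.Load(inTree), hk.Load(late), sk.Load(late, sig), sk.Load(tampered, sig)
}

func main() {
	fmt.Println(Demo()) // true false true false
}
```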