I forgot to CC this mailing list. Begin forwarded message:
Date: Sat, 2 Jan 2016 16:13:50 +0100 From: Luis Ressel <[email protected]> To: [email protected] Cc: [email protected], David Howells <[email protected]>, David Woodhouse <[email protected]> Subject: [PATCH] Restrict read access to private module signing key The autogenerated module signing key shouldn't be world-readable. Signed-off-by: Luis Ressel <[email protected]> --- certs/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 28ac694..7f1f082 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -49,6 +49,8 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey @echo "### needs to be run as root, and uses a hardware random" @echo "### number generator if one is available." @echo "###" + touch $(obj)/signing_key.pem + chmod 0600 $(obj)/signing_key.pem openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ -batch -x509 -config $(obj)/x509.genkey \ -outform PEM -out $(obj)/signing_key.pem \ -- 2.6.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
