On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gre...@linuxfoundation.org> wrote: >> >> One of the main sane use-cases for module signing is: >> >> - CONFIG_CHECK_SIGNATURE=y >> - randomly generated one-time key >> - "make modules_install; make install" >> - "make clean" to get rid of the keys. >> - reboot. > > I want that too, but right now 'make clean' leaves the keys around, > which seems a bit dangerous to me.
Oh, yes, we should make sure the key file gets cleaned up at "make clean". I have to admit that I never do the whole "make clean/distclean" any more, I have gotten so used to just going git clean -dqfx to get rid of all generated files in a git directory that I no longer depend on the makefile getting it right for me. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/