On Wed, Oct 17, 2012 at 5:54 PM, Greg KH <gre...@linuxfoundation.org> wrote:
>>
>> One of the main sane use-cases for module signing is:
>>
>> - CONFIG_CHECK_SIGNATURE=y
>> - randomly generated one-time key
>> - "make modules_install; make install"
>> - "make clean" to get rid of the keys.
>> - reboot.
>
> I want that too, but right now 'make clean' leaves the keys around,
> which seems a bit dangerous to me.
Oh, yes, we should make sure the key file gets cleaned up at "make clean".
I have to admit that I never do the whole "make clean/distclean" any
more, I have gotten so used to just going
git clean -dqfx
to get rid of all generated files in a git directory that I no longer
depend on the makefile getting it right for me.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
