Josh Boyer <jwbo...@gmail.com> writes: > On Thu, Oct 18, 2012 at 2:46 PM, Linus Torvalds > <torva...@linux-foundation.org> wrote: >> On Wed, Oct 17, 2012 at 10:34 PM, Rusty Russell <ru...@rustcorp.com.au> >> wrote: >>> >>> Hacking the keyid and signer-name to be extracted every time by >>> sign-file takes my modules_install time from 18.6 seconds to 19.1. We'd >>> get that back easily by making sign-file a perl script anyway; it calls >>> out to perl 3 times already. >> >> Ok, that tiny slowdown seems worth the cleanup, especially if we'd get >> it back from somebody re-writing it in perl. >> >> Want to sign off on the two patches, or put them in your git tree? > > I tested Rusty's version of the 'sign modules at module_install time' > patch in a Fedora kernel build today. It seems to work well enough, > even if we wind up signing things twice. A brief cleanup of my patch > to add a modules_sign target on top of that is below.
I'm surprised. Only the first signature (create on the unstripped module) will be used by the kernel; this should fail to verify the stripped module. A quick and dirty check is: grep -abo '~Module' /tmp/mod/lib/modules/3.7.0-rc1+/kernel/sound/pci/snd-intel8x0.ko 39828:~Module 40432:~Module Perhaps eu-strip actually strips the appended signature? > It might even be able to be moved entirely into scripts/Makefile.modinst > but I haven't gotten that far yet. I'll leave this for the moment. Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/