On 9.2.2014 23:38, Emily Maier wrote: > Currently, the module signing script assumes that the private key is > not password-protected. This patch makes it slightly more secure by > allowing it to be passed in on the command line as "make > modules_install MOD_PASSWORD=abc". It's vulnerable to snooping during > the build of course, but so is an unprotected signing key.
The key's permissions can be set to 0600, while the make commandline is visible in ps. Michal -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
