[gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing V2

This is the same patch posted earlier but with the feedback from Steven J. Long from the last post on the previous thread. (Thanks!) Signed kernel modules require that the kernel is compiled with CONFIG_MODULE_SIG=y so that during compilation, the public key hash is stored in the kernel so that

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

On Wed, Mar 6, 2013 at 9:14 PM, Peter Stuge wrote: > Carlos Silva wrote: > > > > If one wants to create a key himself, it's also possible to use this > > > > key, he just has to name it signing_key.priv and siging_key.x509 and > > > > put it under /usr/src/linux. > > > > > > Do you know if this i

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

Carlos Silva wrote: > > > If one wants to create a key himself, it's also possible to use this > > > key, he just has to name it signing_key.priv and siging_key.x509 and > > > put it under /usr/src/linux. > > > > Do you know if this is a sane default? > > > > Where do most users of signed modules s

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

On Wed, Mar 6, 2013 at 8:39 PM, Peter Stuge wrote: > Carlos Silva wrote: > > If one wants to create a key himself, it's also possible to use this > > key, he just has to name it signing_key.priv and siging_key.x509 and > > put it under /usr/src/linux. > > Do you know if this is a sane default? >

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

Carlos Silva wrote: > If one wants to create a key himself, it's also possible to use this > key, he just has to name it signing_key.priv and siging_key.x509 and > put it under /usr/src/linux. Do you know if this is a sane default? Where do most users of signed modules store keys so far? //Pete

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

On Wed, Mar 6, 2013 at 6:32 PM, Steev Klimaszewski wrote: > # This looks messy, but it is needed to handle multiple variables > # being passed in the BUILD_* stuff where the variables also have > - # spaces that must be preserved. If don't do this, then the stuff > + # spaces that must be pre

Re: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

-Original Message- From: Carlos Silva To: gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing Date: Wed, 6 Mar 2013 18:25:38 -0100 @@ -663,7 +696,7 @@ # This looks messy, but it is needed to handle multiple variables

[gentoo-dev] [RFC] patch linux-mod.eclass to add support for module signing

Hi guys, I normally hang out on irc on #gentoo-kernel and a bunch of other #gentoo-* channels. I stumble across the discussion of bug 447352 [1] that was reported by a user that was enforcing module signatures on the kernel. This made me to this patch (I talked to Mike before doing this). Signed