This is the same patch posted earlier but with the feedback from Steven J.
Long from the last post on the previous thread. (Thanks!)
Signed kernel modules require that the kernel is compiled with
CONFIG_MODULE_SIG=y so that during compilation, the public key hash is
stored in the kernel so that
On Wed, Mar 6, 2013 at 9:14 PM, Peter Stuge wrote:
> Carlos Silva wrote:
> > > > If one wants to create a key himself, it's also possible to use this
> > > > key, he just has to name it signing_key.priv and siging_key.x509 and
> > > > put it under /usr/src/linux.
> > >
> > > Do you know if this i
Carlos Silva wrote:
> > > If one wants to create a key himself, it's also possible to use this
> > > key, he just has to name it signing_key.priv and siging_key.x509 and
> > > put it under /usr/src/linux.
> >
> > Do you know if this is a sane default?
> >
> > Where do most users of signed modules s
On Wed, Mar 6, 2013 at 8:39 PM, Peter Stuge wrote:
> Carlos Silva wrote:
> > If one wants to create a key himself, it's also possible to use this
> > key, he just has to name it signing_key.priv and siging_key.x509 and
> > put it under /usr/src/linux.
>
> Do you know if this is a sane default?
>
Carlos Silva wrote:
> If one wants to create a key himself, it's also possible to use this
> key, he just has to name it signing_key.priv and siging_key.x509 and
> put it under /usr/src/linux.
Do you know if this is a sane default?
Where do most users of signed modules store keys so far?
//Pete
On Wed, Mar 6, 2013 at 6:32 PM, Steev Klimaszewski wrote:
> # This looks messy, but it is needed to handle multiple variables
> # being passed in the BUILD_* stuff where the variables also have
> - # spaces that must be preserved. If don't do this, then the stuff
> + # spaces that must be pre
-Original Message-
From: Carlos Silva
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] [RFC] patch linux-mod.eclass to add support for
module signing
Date: Wed, 6 Mar 2013 18:25:38 -0100
@@ -663,7 +696,7 @@
# This looks messy, but it is needed to handle multiple variables
Hi guys,
I normally hang out on irc on #gentoo-kernel and a bunch of other #gentoo-*
channels. I stumble across the discussion of bug 447352 [1] that was
reported by a user that was enforcing module signatures on the kernel. This
made me to this patch (I talked to Mike before doing this).
Signed