On Thu, 2015-05-07 at 14:15 +0200, Michal Marek wrote:
> > I like
> > Linus's use of the filechk macro on the second - but we shouldn't overwrite
> > keys someone has manually placed in the tree if the key generation template
> > changes due to git pull altering kernel/Makefile.
> 
> That's the problem with allowing a file to be either user-supplied or
> generated. We can use separate files for the user-supplied/generated
> cases like below and solve this for good.

Alternatively, we could declare that signing_key.priv/signing_key.x509
are *always* auto-generated. If the user wants to use a pregenerated
key of their own then they can use CONFIG_MODULE_SIG_KEY¹ for that.

-- 
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation

¹ http://git.infradead.org/users/dwmw2/modsign-pkcs11-c.git/commitdiff/3d69ae738
