> > Yes, there may be more than stripped and unstripped. You may need to > do fancy things. But now, adding a signature is so easy that it's > not a real problem. And we can always have a hook, like: > > if VARIANTS=`make-module-variants $MOD`; then > for m in $VARIANTS; do sign $m >> $MOD; rm $m; done > fi but that requires you to keep the key around. the most simple and common deployment of this is to generate a key, build the public key into the kernel, sign the modules as you build the kernel, and then destroy the key. And THEN it gets deployed. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
