On 6/28/21 3:11 PM, Linus Torvalds wrote:
On Mon, Jun 28, 2021 at 11:33 AM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote:
The removal is triggered by the user changing the type of key from what
is in the keyfile.
So no. No backups either. Because there is not a single valid
situation where you'd want a backup - because the kernel build should
never EVER modify the original.
Maybe I misunderstand what is going on, but I think the whole thing is
completely wrongly designed. The _only_ key that the kernel build
should touchn is the auto-generated throw-away one (ie
"certs/signing_key.pem"), not CONFIG_MODULE_SIG_KEY in general.
Correct, and the code (certs/Makefile) is surrounded by the check for
this particular file here, so it won't touch anything else:
[...]
ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem")
ifeq ($(openssl_available),yes)
X509TEXT=$(shell openssl x509 -in $(CONFIG_MODULE_SIG_KEY) -text)
endif
# Support user changing key type
ifdef CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
keytype_openssl = -newkey ec -pkeyopt ec_paramgen_curve:secp384r1
ifeq ($(openssl_available),yes)
$(if $(findstring id-ecPublicKey,$(X509TEXT)),,$(shell rm -f
$(CONFIG_MODULE_SIG_KEY)))
endif
endif # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
ifdef CONFIG_MODULE_SIG_KEY_TYPE_RSA
ifeq ($(openssl_available),yes)
$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f
$(CONFIG_MODULE_SIG_KEY)))
endif
endif # CONFIG_MODULE_SIG_KEY_TYPE_RSA
[...]
There's one dent in this patch series that requires suppressing an error
output: https://lkml.org/lkml/2021/6/25/452
Stefan
Linus
