Alexander Holler <holler@xxxxxxxxxxxxx> wrote:

> 1. I have no idea about how distro maintainers do handle their private and
> public keys used to sign modules.

In Fedora and RHEL, at least, we use a one-off on-the-fly generated transient key for each rpm build. When a kernel is built by rpmbuild, the source directory is generated afresh and a new key created each time. In the build farms, the kernel build tree is simply erased, private key and all, at the conclusion of the build.

We make no effort to retain the transient private key as (1) it would require special handling for kernel builds to avoid leaking it, (2) it might impact non-buildfarm builds, and (3) it's more secure that no one has the private key.

One thing that you have to be careful of with your patch is that if you turn it on during development, this will drain the entropy pool from which you get random numbers.

David
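The transient-key lifecycle described in this message, as an added sketch that is not part of the original e-mail and is not the Fedora or RHEL build tooling. It assumes the generic openssl CLI and a detached signature rather than the kernel's own module-signing tool; the function names, file names and certificate subject are constructed for the demo.

```shell
#!/bin/sh
# Added example: one throwaway signing key per build, destroyed after signing.
# Assumption: the openssl CLI is installed; all names below are constructed.

# Run one "build": fresh key pair, sign the artifact, erase the private key.
# $1 = build directory, $2 = artifact to sign (signature written to $2.sig)
transient_sign() {
    build_dir=$1 artifact=$2
    mkdir -p "$build_dir" || return 1
    # -nodes leaves the key unencrypted: it only exists for this build.
    # umask 077 keeps it unreadable to other users while it does exist.
    ( umask 077
      openssl req -new -nodes -x509 -newkey rsa:2048 -sha256 -days 1 \
          -subj "/CN=transient build key" \
          -keyout "$build_dir/signing_key.pem" \
          -out "$build_dir/signing_cert.pem" 2>/dev/null ) || return 1
    openssl dgst -sha256 -sign "$build_dir/signing_key.pem" \
        -out "$artifact.sig" "$artifact" || return 1
    # Only the public certificate survives the build.
    rm -f "$build_dir/signing_key.pem"
}

# Verify an artifact using nothing but the retained public certificate.
# $1 = certificate, $2 = artifact (signature expected in $2.sig)
verify_artifact() {
    pub=$(mktemp) || return 1
    openssl x509 -in "$1" -pubkey -noout > "$pub" &&
        openssl dgst -sha256 -verify "$pub" -signature "$2.sig" "$2" \
            >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

# Demo on a constructed artifact: the signature still verifies after the
# private key has been erased, and nothing remains to sign anything else.
work=$(mktemp -d)
printf 'constructed module payload\n' > "$work/demo.ko"
if transient_sign "$work/build" "$work/demo.ko" &&
   verify_artifact "$work/build/signing_cert.pem" "$work/demo.ko"; then
    [ -e "$work/build/signing_key.pem" ] && state=present || state=erased
    echo "signature verifies; private key $state"
fi
rm -rf "$work"
```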