Message-ID: <1432065873.3277.84.camel@infradead.org>
Subject: Re: [PATCH 10/8] modsign: Allow password to be specified for signing key
From: David Woodhouse
To: Mimi Zohar
Cc: David Howells, rusty@rustcorp.com.au, mmarek@suse.cz, mjg59@srcf.ucam.org, keyrings@linux-nfs.org, dmitry.kasatkin@gmail.com, mcgrof@suse.com, linux-kernel@vger.kernel.org, seth.forshee@canonical.com, linux-security-module@vger.kernel.org
Date: Tue, 19 May 2015 21:04:33 +0100
In-Reply-To: <1432062843.4510.159.camel@linux.vnet.ibm.com>
References: <1432060749.4510.155.camel@linux.vnet.ibm.com> <20150515123513.16723.96340.stgit@warthog.procyon.org.uk> <1432046758.3277.36.camel@infradead.org> <5444.1432061302@warthog.procyon.org.uk> <1432062843.4510.159.camel@linux.vnet.ibm.com>
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2015-05-19 at 15:14 -0400, Mimi Zohar wrote:
> On Tue, 2015-05-19 at 19:48 +0100, David Howells wrote:
> > Mimi Zohar wrote:
> >
> > > Definitely better. (FYI, Dmitry's modsig patches from 2012 used the
> > > keyring for safely storing a password.)
>
> Without the environment variable set, there's a pop-up prompt to enter
> the PIN. A pain to have to enter for each and every kernel module, but
> definitely a nice option.

Right.
In fact, now that sign-file is written in C and no longer has to call out to
/usr/bin/openssl for each signature, we *could* authenticate to the PKCS#11
token (or load the private key from the file) just once and sign all the
modules in a *single* invocation. So you'd only be asked for the password
*once*.

The make rules to achieve that are somewhat non-trivial, but it was an idea
we had in our minds when we settled on doing it in C rather than scripting it.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@intel.com                              Intel Corporation
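The single-invocation design discussed above, as an added example that is not part of this thread and not the kernel's own sign-file: the expensive interactive step (decrypting the key file or logging in to the PKCS#11 token) runs once, and every module is then signed with the key already in memory, so a PIN prompt would fire once per batch rather than once per module. The appended-signature framing (signature blob, a 12-byte struct module_signature, then the magic string) follows the layout in the kernel's include/linux/module_signature.h, but two things are simplifications for the sake of a self-contained program: `unlockKey` generates a throwaway RSA key instead of loading a real one, and the blob is a bare PKCS#1 v1.5 signature over SHA-256 where the real tool stores a PKCS#7 blob. All function names here are hypothetical, and the three module images are constructed stand-ins.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Trailer layout borrowed from the kernel's include/linux/module_signature.h:
// module body, then the signature blob, then a 12-byte struct module_signature
// (algo, hash, id_type, signer_len, key_id_len, 3 pad bytes, __be32 sig_len),
// then this magic string.
const sigMagic = "~Module signature appended~\n"
const trailerLen = 12
const pkeyIDPKCS7 = 2 // id_type the real sign-file records for its PKCS#7 blob

// unlockCount records how often the expensive step ran; the point of the
// batch design is that it stays at 1 however many modules are signed.
var unlockCount int

// unlockKey stands in for decrypting the key file or logging in to the
// PKCS#11 token. It asks for the PIN once via prompt and, for this example,
// generates a throwaway RSA key instead of loading a real one (assumption).
func unlockKey(prompt func() string) (*rsa.PrivateKey, error) {
	unlockCount++
	if prompt() == "" {
		return nil, errors.New("empty PIN")
	}
	return rsa.GenerateKey(rand.Reader, 2048)
}

// signModule appends sig || trailer || magic to one module image.
// Simplification: sig is a bare PKCS#1 v1.5 RSA signature over SHA-256,
// where the real tool stores a PKCS#7 blob.
func signModule(key *rsa.PrivateKey, module []byte) ([]byte, error) {
	digest := sha256.Sum256(module)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	var trailer [trailerLen]byte
	trailer[2] = pkeyIDPKCS7
	binary.BigEndian.PutUint32(trailer[8:], uint32(len(sig)))
	out := append([]byte{}, module...)
	out = append(out, sig...)
	out = append(out, trailer[:]...)
	return append(out, sigMagic...), nil
}

// signAll is the single invocation the mail proposes: unlock once, then
// sign every module with the key still in memory.
func signAll(prompt func() string, modules [][]byte) (*rsa.PublicKey, [][]byte, error) {
	key, err := unlockKey(prompt)
	if err != nil {
		return nil, nil, err
	}
	signed := make([][]byte, 0, len(modules))
	for _, m := range modules {
		s, err := signModule(key, m)
		if err != nil {
			return nil, nil, err
		}
		signed = append(signed, s)
	}
	return &key.PublicKey, signed, nil
}

// verifyModule is the loader-side check: peel off magic and trailer,
// verify the signature, and return the original module image.
func verifyModule(pub *rsa.PublicKey, signed []byte) ([]byte, error) {
	if !bytes.HasSuffix(signed, []byte(sigMagic)) {
		return nil, errors.New("no module signature appended")
	}
	body := signed[:len(signed)-len(sigMagic)]
	if len(body) < trailerLen {
		return nil, errors.New("truncated trailer")
	}
	trailer := body[len(body)-trailerLen:]
	sigLen := int(binary.BigEndian.Uint32(trailer[8:]))
	if trailer[2] != pkeyIDPKCS7 || sigLen < 0 || sigLen > len(body)-trailerLen {
		return nil, errors.New("malformed trailer")
	}
	modEnd := len(body) - trailerLen - sigLen
	module, sig := body[:modEnd], body[modEnd:len(body)-trailerLen]
	digest := sha256.Sum256(module)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return module, nil
}

func main() {
	// Constructed stand-ins for three .ko files.
	mods := [][]byte{[]byte("module a"), []byte("module b"), []byte("module c")}
	pub, signed, err := signAll(func() string { return "1234" }, mods)
	if err != nil {
		panic(err)
	}
	for i, s := range signed {
		if _, err := verifyModule(pub, s); err != nil {
			panic(err)
		}
		fmt.Printf("module %d: %d bytes signed, verified OK\n", i, len(s))
	}
	fmt.Printf("key unlocked %d time(s) for %d modules\n", unlockCount, len(mods))
}
```

The verifier deliberately parses the trailer from the end of the image, as a loader would, and bounds-checks sig_len before slicing; that is the defender's half of the design, since a malformed trailer is the first thing an appended-signature parser has to survive.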