On Thu, Apr 30, 2015 at 3:58 PM, David Howells wrote: > Change default key details to be more obviously unspecified. > > Reported-by: Linus Torvalds > Signed-off-by: David Howells > Acked-by: James Morris > --- > > Documentation/module-signing.txt | 6 +++--- > kernel/Makefile | 6 +++--- > 2 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt > index 09c2382ad055..c72702ec1ded 100644 > --- a/Documentation/module-signing.txt > +++ b/Documentation/module-signing.txt > @@ -119,9 +119,9 @@ Most notably, in the x509.genkey file, the req_distinguished_name section > should be altered from the default: > > [ req_distinguished_name ] > - O = Magrathea > - CN = Glacier signing key > - emailAddress = slartibartfast@magrathea.h2g2 > + #O = Unspecified company > + CN = Build time autogenerated kernel key > + #emailAddress = unspecified.user@unspecified.company > > The generated RSA key size can also be set with: > > diff --git a/kernel/Makefile b/kernel/Makefile > index 0f8f8b0bc1bf..60c302cfb4d3 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -197,9 +197,9 @@ x509.genkey: > @echo >>x509.genkey "x509_extensions = myexts" > @echo >>x509.genkey > @echo >>x509.genkey "[ req_distinguished_name ]" > - @echo >>x509.genkey "O = Magrathea" > - @echo >>x509.genkey "CN = Glacier signing key" > - @echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2" > + @echo >>x509.genkey "#O = Unspecified company" > + @echo >>x509.genkey "CN = Build time autogenerated kernel key" > + @echo >>x509.genkey "#emailAddress = unspecified.user@unspecified.company" > @echo >>x509.genkey > @echo >>x509.genkey "[ myexts ]" > @echo >>x509.genkey "basicConstraints=critical,CA:FALSE" > [ CC Greg ] Thanks for considering me. I reported missing generated files in the "module signature" area. >From [1]... [ 2.117022] Request for unknown module key 'Magrathea: Glacier signing key: 009aa341bb673735a51dc34b238a0ca481d68098' err -11 [ 2.117114] mii: module verification failed: signature and/or required key missing - tainting kernel This happened a 2nd time with a different kernel-series! Not sure why this was the case. It did not happen when rebuilding with the same kernel-config again. Not sure if parallel-make-jobs might be a cause for this (see attached build-script). $ egrep -i 'signature|module_sig' /boot/config-4.0.1-1-iniza-small | grep ^CONFIG CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_ALL=y CONFIG_MODULE_SIG_SHA512=y CONFIG_MODULE_SIG_HASH="sha512" CONFIG_INTEGRITY_SIGNATURE=y CONFIG_SIGNATURE=y For my quick builds of rcN Linux-kernels I normally do not need signing my modules. I really do not use it (it's taken from the Ubuntu kernel-settings). Attached is my simple build-script for generating Debian/Ubuntu kernel packages via builddeb script. If you have any ideas/hints please let me know. - Sedat - [1] https://lkml.org/lkml/2015/2/9/396