Re: [PATCHv2] sign-file,extract-cert: use KBUILD_SIGN_PIN in provider mode

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 2/3] clk: qcom: dispcc-eliza: Add Eliza display clock controller support"
Previous message: Andy Shevchenko: "Re: [PATCH v5 4/4] iio: adc: ad799x: use devm_iio_device_register and drop remove()"
In reply to: Anton Lundin: "[PATCHv2] sign-file,extract-cert: use KBUILD_SIGN_PIN in provider mode"
Next in thread: James Bottomley: "Re: [PATCHv2] sign-file,extract-cert: use KBUILD_SIGN_PIN in provider mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: James Bottomley

Date: Wed Mar 18 2026 - 10:52:38 EST

On Wed, 2026-03-18 at 10:02 +0100, Anton Lundin wrote:
> This adds support for the documented KBUILD_SIGN_PIN functionality to
> sign-file and extract-cert when built with USE_PKCS11_PROVIDER.

Why would you do this? It's going to pop up a prompt for a password
for every module you have ... that can be hundreds to thousands in a
distribution kernel, so it's unscalable. The usual way we do this is
to put the password into an environment variable (insecure but
scalable) but I suppose if you have a more secure solution there might
be interest.

Regards,

James