linux/scripts
David Howells 80d65e58e9 MODSIGN: Sign modules during the build process
If CONFIG_MODULE_SIG is set, then this patch will cause all module files to
have signatures added.  The following steps will occur:

 (1) The module will be linked to foo.ko.unsigned instead of foo.ko

 (2) The module will be stripped using both "strip -x -g" and "eu-strip" to
     ensure minimal size for inclusion in an initramfs.

 (3) The signature will be generated on the stripped module.

 (4) The signature will be appended to the module, along with some information
     about the signature and a magic string that indicates the presence of the
     signature.

Step (3) requires private and public keys to be available.  By default these
are expected to be found in files:

	signing_key.priv
	signing_key.x509

in the base directory of the build.  The first is the private key in PEM form
and the second is the X.509 certificate in DER form as can be generated from
openssl:

	openssl req \
		-new -x509 -outform PEM -out signing_key.x509 \
		-keyout signing_key.priv -nodes \
		-subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast"

If the secret key is not found then signing will be skipped and the unsigned
module from (1) will just be copied to foo.ko.

If signing occurs, lines like the following will be seen:

	LD [M]  fs/foo/foo.ko.unsigned
	STRIP [M] fs/foo/foo.ko.stripped
	SIGN [M] fs/foo/foo.ko

in the build log.  If the signature step is skipped, the following will be
seen:

	LD [M]  fs/foo/foo.ko.unsigned
	STRIP [M] fs/foo/foo.ko.stripped
	NO SIGN [M] fs/foo/foo.ko

NOTE!  After the signature step, the signed module _must_not_ be passed through
strip.  The unstripped, unsigned module is still available at the name on the
LD [M] line.  This restriction may affect packaging tools (such as rpmbuild)
and initramfs composition tools.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-10 20:06:33 +10:30
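
The commit message above says signing is skipped when the secret key is not found, with only a `NO SIGN [M]` line in the build log to show it. The following check is an added example, not part of the commit or the kernel tree: it audits a saved kbuild log for modules that were linked but never signed. The function name, the `NO-SIGN`/`NO-RESULT` labels and the sample log are constructed for illustration; the log line shapes are the ones quoted in the commit message.

```shell
#!/bin/sh
# Added example (not kernel code): flag modules that a kbuild log shows as
# linked but not signed. Line shapes follow the commit message above.

# Print one line per problem module; return 1 if any were found.
#   NO-SIGN <mod>    build printed "NO SIGN [M]" (key missing, signing skipped)
#   NO-RESULT <mod>  "LD [M]" seen but neither SIGN nor NO SIGN followed
audit_modsign_log() {
    awk '
    function seen(mod, st) {
        if (!(mod in state)) order[++n] = mod   # remember first-seen order
        state[mod] = st
    }
    $1 == "LD" && $2 == "[M]" && $3 ~ /\.ko\.unsigned$/ {
        m = $3; sub(/\.unsigned$/, "", m); seen(m, "linked"); next
    }
    $1 == "SIGN" && $2 == "[M]"               { seen($3, "signed");   next }
    $1 == "NO" && $2 == "SIGN" && $3 == "[M]" { seen($4, "unsigned"); next }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            if (state[m] == "unsigned")    { print "NO-SIGN " m;   bad++ }
            else if (state[m] == "linked") { print "NO-RESULT " m; bad++ }
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample log: foo signed, bar skipped, baz interrupted after link.
sample_log() {
    cat <<'EOF'
  LD [M]  fs/foo/foo.ko.unsigned
  STRIP [M] fs/foo/foo.ko.stripped
  SIGN [M] fs/foo/foo.ko
  LD [M]  fs/bar/bar.ko.unsigned
  STRIP [M] fs/bar/bar.ko.stripped
  NO SIGN [M] fs/bar/bar.ko
  LD [M]  fs/baz/baz.ko.unsigned
EOF
}

sample_log | audit_modsign_log || echo "build produced unsigned modules" >&2
```

The function reads a log file named as its argument or, with no argument, standard input; its non-zero return status can fail a packaging job before unsigned modules are shipped.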
basic fixdep: fix extraneous dependencies 2011-09-09 11:45:47 +02:00
coccinelle scripts/coccinelle: list iterator variable semantic patch 2012-07-13 23:06:34 +02:00
dtc scripts: dtc: fix compile warnings 2012-03-24 23:07:35 +01:00
genksyms scripts/genksyms: clean lex/yacc generated files 2012-01-08 14:48:15 +01:00
kconfig Improve localmodconfig to remove even more unused module configs. 2012-07-30 13:17:41 -07:00
ksymoops
mod USB patches for 3.6-rc1 2012-07-26 10:23:47 -07:00
package deb-pkg: Add all Makefiles to header package 2012-06-28 10:48:08 +02:00
rt-tester Fix common misspellings 2011-03-31 11:26:23 -03:00
selinux Create Documentation/security/, 2011-05-19 15:59:38 -07:00
tracing tracing, perf: Convert the power tracer into an event tracer 2009-09-19 11:42:12 +02:00
.gitignore X.509: Add simple ASN.1 grammar compiler 2012-10-08 13:50:19 +10:30
asn1_compiler.c X.509: Add simple ASN.1 grammar compiler 2012-10-08 13:50:19 +10:30
bin2c.c
bloat-o-meter bloat-o-meter: include read-only data section in report 2011-03-22 17:44:17 -07:00
bootgraph.pl bootgraph.pl: relax timing information requirements 2011-06-13 00:04:57 +02:00
checkincludes.pl checkincludes: fix perlcritic warnings 2010-03-07 21:19:57 +01:00
checkkconfigsymbols.sh checkkconfigsymbols.sh: Kconfig symbols sometimes have lowercase letters 2010-06-03 10:39:39 +02:00
checkpatch.pl checkpatch: add control statement test to SINGLE_STATEMENT_DO_WHILE_MACRO 2012-08-21 16:45:02 -07:00
checkstack.pl Haavard Skinnemoen has left Atmel 2011-05-18 23:24:50 +02:00
checksyscalls.sh checksyscalls: Use arch/x86/syscalls/syscall_32.tbl as source 2011-11-17 13:35:37 -08:00
checkversion.pl kbuild: don't warn about include/linux/version.h not including itself 2011-04-29 15:38:55 +02:00
cleanfile
cleanpatch
coccicheck coccicheck: change handling of C={1,2} when M= is set 2012-02-24 23:50:19 +01:00
config Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2012-07-30 11:23:37 -07:00
conmakehash.c Fix all -Wmissing-prototypes warnings in x86 defconfig 2009-09-23 07:39:28 -07:00
decodecode scripts/decodecode: Fixup trapping instruction marker 2012-08-16 11:15:09 -07:00
depmod.sh kbuild: do not check for ancient modutils tools 2012-01-23 15:12:19 +01:00
diffconfig
docproc.c docproc: cleanup brace placement 2011-06-16 20:40:03 +02:00
export_report.pl export_report: use warn() to issue WARNING, so they go to stderr 2011-05-24 16:07:07 +02:00
extract-ikconfig scripts/extract-ikconfig: add xz compression support 2011-02-10 15:23:03 +01:00
extract-vmlinux scripts: add extract-vmlinux 2011-08-31 16:12:17 +02:00
gcc-goto.sh ARM: 7333/2: jump label: detect %c support for ARM 2012-03-24 09:38:56 +00:00
gcc-version.sh
gcc-x86_32-has-stack-protector.sh
gcc-x86_64-has-stack-protector.sh
gen_initramfs_list.sh Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-24 13:31:37 -07:00
get_maintainer.pl get_maintainer: Fix --help warning 2012-06-20 14:39:36 -07:00
gfp-translate chmod +x scripts/gfp-translate 2012-06-27 12:44:29 -07:00
headerdep.pl headerdep: perlcritic warning 2010-03-23 12:26:38 +01:00
headers_check.pl headers_check: recursively search for linux/types.h inclusion 2012-03-26 14:54:27 +02:00
headers_install.pl headers_install: fix __packed in exported kernel headers 2011-06-24 16:56:05 +02:00
headers.sh kbuild, headers.sh: Don't make archheaders explicitly 2011-11-22 14:47:50 -08:00
kallsyms.c scripts/kallsyms.c: fix potential segfault 2011-05-12 17:23:40 +02:00
Kbuild.include scripts/Kbuild.include: Fix portability problem of "echo -e" 2012-03-24 23:32:05 +01:00
kernel-doc scripts/kernel-doc: fix fatal script error 2012-08-17 09:19:07 -07:00
Lindent
link-vmlinux.sh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin 2012-09-12 07:12:53 +08:00
Makefile X.509: Add simple ASN.1 grammar compiler 2012-10-08 13:50:19 +10:30
Makefile.asm-generic kbuild: silence Nothing to be done for 'all' message 2011-06-09 11:48:19 +02:00
Makefile.build X.509: Add simple ASN.1 grammar compiler 2012-10-08 13:50:19 +10:30
Makefile.clean kbuild: Really don't clean bounds.h and asm-offsets.h 2010-03-11 11:15:22 +01:00
Makefile.fwinst firmware: fix directory creation rule matching with make 3.82 2012-08-30 16:27:13 +02:00
Makefile.headersinst kbuild: Add support for installing generated asm headers 2011-11-17 13:14:36 -08:00
Makefile.help Add a target to use the Coccinelle checker 2010-06-12 00:00:29 +02:00
Makefile.host
Makefile.lib Kbuild: centralize MKIMAGE and cmd_uimage definitions 2012-03-26 15:49:20 +02:00
Makefile.modbuiltin kbuild: Create output directory in Makefile.modbuiltin 2010-06-10 12:23:08 +02:00
Makefile.modinst
Makefile.modpost MODSIGN: Sign modules during the build process 2012-10-10 20:06:33 +10:30
makelst
markup_oops.pl Merge branch 'for-35' of git://repo.or.cz/linux-kbuild 2010-06-01 08:55:52 -07:00
mkcompile_h Fix handling of backlash character in LINUX_COMPILE_BY name 2011-04-29 15:55:45 +02:00
mkmakefile kbuild: silence generated makefile message 2011-07-20 17:08:08 +02:00
mksysmap trivial: typo in comment in mksysmap 2012-07-20 10:36:05 +02:00
mkuboot.sh mkuboot.sh: Fail if mkimage is missing 2011-01-07 14:31:01 +01:00
mkversion
module-common.lds module: Sort exported symbols 2011-05-19 16:55:27 +09:30
namespace.pl Revert "namespace: add source file location exceptions" 2010-10-28 00:59:56 +02:00
patch-kernel scripts/patch-kernel: digest kernel.org hosted .xz patches 2012-03-30 15:23:36 +02:00
pnmtologo.c fbdev: work around old compiler bug 2009-06-30 18:55:59 -07:00
profile2linkerlist.pl profile2linkerlist: fix perl warnings 2010-03-07 21:39:33 +01:00
recordmcount.c ftrace/s390: mcount offset calculation 2011-05-16 15:05:06 -04:00
recordmcount.h recordmcount: Fix handling of elf64 big-endian objects. 2012-01-06 17:06:42 -05:00
recordmcount.pl ftrace/s390: mcount offset calculation 2011-05-16 15:05:06 -04:00
setlocalversion setlocalversion: Use "grep -q" instead of piping output to "read dummy" 2012-03-26 22:54:00 +02:00
show_delta scripts: change scripts to use system python instead of env 2010-02-02 14:33:56 +01:00
sign-file MODSIGN: Sign modules during the build process 2012-10-10 20:06:33 +10:30
sortextable.c s390/exceptions: sort exception table at build time 2012-07-26 10:07:25 +02:00
sortextable.h scripts/sortextable: Handle relative entries, and other cleanups 2012-04-24 11:42:20 -07:00
tags.sh scripts/tags.sh: Teach [ce]tags about libtraceeevent error codes 2012-07-26 14:31:23 +02:00
unifdef.c unifdef: update to upstream version 2.5 2011-01-22 15:50:59 +01:00
ver_linux
x509keyid MODSIGN: Provide a script for generating a key ID from an X.509 cert 2012-10-10 20:06:33 +10:30
xz_wrap.sh xz: Enable BCJ filters on SPARC and 32-bit x86 2012-04-18 13:13:18 -07:00