linux/scripts
Mickaël Salaün addf466389 certs: Check that builtin blacklist hashes are valid
Add and use a check-blacklist-hashes.awk script to make sure that the
builtin blacklist hashes set with CONFIG_SYSTEM_BLACKLIST_HASH_LIST will
effectively be taken into account as blacklisted hashes.  This is useful
to debug invalid hash formats, and it make sure that previous hashes
which could have been loaded in the kernel, but silently ignored, are
now noticed and deal with by the user at kernel build time.

This also prevent stricter blacklist key description checking (provided
by following commits) to failed for builtin hashes.

Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of
a hash string and how to generate certificate ones.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210712170313.884724-3-mic@digikod.net
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-05-23 18:47:49 +03:00
..
atomic atomics: Fix atomic64_{read_acquire,set_release} fallbacks 2022-02-11 12:13:56 +01:00
basic fixdep: use fflush() and ferror() to ensure successful write to files 2022-03-31 12:03:46 +09:00
clang-tools gen_compile_commands: fix missing 'sys' package 2021-09-19 10:13:03 +09:00
coccinelle drop fen.cocci 2022-01-15 12:15:35 +01:00
dtc Devicetree updates for v5.18: 2022-03-26 11:41:53 -07:00
dummy-tools kbuild: dummy-tools: adjust to stricter stackprotector check 2021-05-17 12:10:03 +09:00
gcc-plugins gcc-plugins: latent_entropy: use /dev/urandom 2022-04-12 11:31:40 -07:00
gdb scripts/gdb: lx-dmesg: read records individually 2021-12-16 15:52:38 +01:00
genksyms .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
kconfig kconfig: remove stale comment about removed kconfig_print_symbol() 2022-04-02 00:04:17 +09:00
ksymoops
mod modpost: restore the warning message for missing symbol versions 2022-04-03 03:11:51 +09:00
package kbuild: Add make tarzst-pkg build option 2021-10-12 11:50:46 +09:00
selinux scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
tracing scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-04 17:49:26 -04:00
.gitignore certs: move scripts/extract-cert to certs/ 2022-01-08 18:28:21 +09:00
adjust_autoksyms.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
as-version.sh kbuild: Switch to 'f' variants of integrated assembler flag 2021-09-03 08:17:20 +09:00
asn1_compiler.c
bin2c.c
bloat-o-meter scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
bootgraph.pl
bpf_doc.py bpf/scripts: Raise an exception if the correct number of sycalls are not generated 2022-01-19 10:24:50 -08:00
cc-can-link.sh
cc-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
check-blacklist-hashes.awk certs: Check that builtin blacklist hashes are valid 2022-05-23 18:47:49 +03:00
check-sysctl-docs
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl
checkkconfigsymbols.py checkkconfigsymbols.py: Remove skipping of help lines in parse_kconfig_file 2021-09-19 10:13:03 +09:00
checkpatch.pl checkpatch: use python3 to find codespell dictionary 2022-03-23 19:00:34 -07:00
checkstack.pl
checksyscalls.sh checksyscalls: Unconditionally ignore fstat{,at}64 2021-10-07 17:16:28 -07:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile
cleanpatch
coccicheck scripts: coccicheck: fix troubles on non-English builds 2021-05-18 11:09:59 +02:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add frequently used ops structs 2022-01-20 08:52:54 +02:00
decode_stacktrace.sh scripts/decode_stacktrace.sh: indicate 'auto' can be used for base path 2021-07-08 11:48:22 -07:00
decodecode scripts/decodecode: fix faulting instruction no print when opps.file is DOS format 2021-11-06 13:30:32 -07:00
depmod.sh depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-01 12:26:39 -08:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
documentation-file-ref-check scripts: documentation-file-ref-check: fix bpf selftests path 2021-10-26 09:42:29 -06:00
export_report.pl
extract_xc3028.pl
extract-ikconfig
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux
faddr2line
file-size.sh
find-unused-docs.sh
gcc-goto.sh
gcc-ld
gcc-x86_32-has-stack-protector.sh x86/stackprotector/32: Make the canary into a regular percpu variable 2021-03-08 13:19:05 +01:00
gcc-x86_64-has-stack-protector.sh
gen_autoksyms.sh kbuild: do not quote string values in include/config/auto.conf 2022-01-08 18:03:57 +09:00
gen_ksymdeps.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
get_abi.pl Some late-arriving documentation improvements. This is mostly build-system 2022-03-31 12:10:42 -07:00
get_dvb_firmware
get_feat.pl scripts/get_feat.pl: allow output the parsed file names 2022-03-28 13:53:46 -06:00
get_maintainer.pl get_maintainer: don't remind about no git repo when --nogit is used 2022-01-20 08:52:53 +02:00
gfp-translate
headerdep.pl
headers_install.sh Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
insert-sys-cert.c
jobserver-exec scripts/jobserver-exec: Fix a typo ("envirnoment") 2021-05-17 12:10:03 +09:00
kallsyms.c kallsyms: ignore all local labels prefixed by '.L' 2022-02-22 00:44:16 +09:00
Kbuild.include certs: simplify $(srctree)/ handling and remove config_filename macro 2022-01-08 17:46:35 +09:00
Kconfig.include kbuild: check the minimum assembler version in Kconfig 2021-04-25 05:14:41 +09:00
kernel-doc scripts/kernel-doc: change the line number meta info 2022-03-28 13:53:46 -06:00
ld-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
leaking_addresses.pl leaking_addresses: Always print a trailing newline 2021-10-15 11:25:13 +02:00
Lindent
link-vmlinux.sh objtool: Enable unreachable warnings for CLANG LTO 2022-04-19 21:58:48 +02:00
Makefile ftrace: Have architectures opt-in for mcount build time sorting 2022-01-27 19:15:44 -05:00
Makefile.asm-generic kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.build objtool: Enable unreachable warnings for CLANG LTO 2022-04-19 21:58:48 +02:00
Makefile.clang um: Allow builds with Clang 2022-03-21 08:13:03 -07:00
Makefile.clean kbuild: replace $(if A,A,B) with $(or A,B) 2022-02-15 12:25:56 +09:00
Makefile.compiler kbuild: remove TMPO from try-run 2021-04-25 05:25:56 +09:00
Makefile.debug kbuild: split DEBUG_CFLAGS out to scripts/Makefile.debug 2021-10-24 13:48:33 +09:00
Makefile.dtbinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.extrawarn Kbuild: add -Wno-shift-negative-value where -Wextra is used 2022-03-13 17:30:31 +09:00
Makefile.gcc-plugins gcc-plugins/stackleak: Provide verbose mode 2022-02-06 10:49:57 -08:00
Makefile.headersinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.host kbuild: sort hostprogs before passing it to ifneq 2020-08-10 01:32:59 +09:00
Makefile.kasan kasan: always respect CONFIG_KASAN_STACK 2021-09-24 16:13:35 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan kcsan: Ignore GCC 11+ warnings about TSan runtime support 2021-12-09 16:42:27 -08:00
Makefile.lib Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
Makefile.modfinal kbuild: Unify options for BTF generation for vmlinux and modules 2021-11-01 18:09:58 -07:00
Makefile.modinst kbuild: do not quote string values in include/config/auto.conf 2022-01-08 18:03:57 +09:00
Makefile.modpost kbuild: Fix comment typo in scripts/Makefile.modpost 2021-09-19 10:14:19 +09:00
Makefile.package kbuild: Add make tarzst-pkg build option 2021-10-12 11:50:46 +09:00
Makefile.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-01-20 08:52:55 +02:00
Makefile.userprogs
makelst
markup_oops.pl
min-tool-version.sh Documentation: Raise the minimum supported version of LLVM to 11.0.0 2021-12-02 17:24:32 +09:00
mkcompile_h sched/preempt: Tell about PREEMPT_DYNAMIC on kernel headers 2022-03-11 15:36:35 +01:00
mksysmap
mkuboot.sh
module.lds.S module: combine constructors in module linker script 2021-07-19 14:51:40 +02:00
modules-check.sh kbuild: check module name conflict for external modules as well 2021-04-25 05:22:42 +09:00
nsdeps kbuild: replace LANG=C with LC_ALL=C 2021-05-02 00:43:35 +09:00
objdiff
pahole-flags.sh scripts/pahole-flags.sh: Parse DWARF and generate BTF with multithreading. 2022-02-22 14:32:44 -08:00
pahole-version.sh kbuild: Add CONFIG_PAHOLE_VERSION 2022-02-02 11:19:33 +01:00
parse-maintainers.pl
patch-kernel
profile2linkerlist.pl
prune-kernel
recordmcount.c ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount 2021-03-02 17:27:18 -05:00
recordmcount.h recordmcount: Correct st_shndx handling 2021-06-18 09:09:17 -04:00
recordmcount.pl nds32: Remove the architecture 2022-03-07 13:54:59 +01:00
remove-stale-files Kbuild updates for v5.17 2022-01-19 11:15:19 +02:00
setlocalversion kbuild: do not quote string values in include/config/auto.conf 2022-01-08 18:03:57 +09:00
show_delta tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
sign-file.c
sorttable.c s390/extable: convert to relative table with data 2022-03-08 00:33:00 +01:00
sorttable.h script/sorttable: Fix some initialization problems 2022-01-18 10:17:18 -05:00
spdxcheck-test.sh scripts/spdxcheck-test.sh: Drop python2 2021-07-21 15:59:32 +02:00
spdxcheck.py spdxcheck.py: Fix a type error 2022-02-04 16:43:01 +01:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2022-03-22 15:57:00 -07:00
sphinx-pre-install scripts: sphinx-pre-install: Fix ctex support on Debian 2022-01-07 09:33:13 -07:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta
stackusage
subarch.include parisc: Fix compile failure when building 64-bit kernel natively 2021-09-01 21:52:02 +02:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh scripts/tags: add space regexs to all regex_c 2021-11-26 16:58:55 +01:00
test_fortify.sh fortify: Update compile-time tests for Clang 14 2022-02-13 16:50:06 -08:00
tools-support-relr.sh Makefile: fix GDB warning with CONFIG_RELR 2021-06-08 13:09:34 +01:00
unifdef.c
ver_linux Removed the oprofiled version option 2021-05-03 17:23:06 -06:00
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh