leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KEYS: Load *.x509 files into kernel keyring

Browse Source 
Load all the files matching the pattern "*.x509" that are to be found in kernel
base source dir and base build dir into the module signing keyring.

The "extra_certificates" file is then redundant.

Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
David Howells 2013-08-30 16:07:13 +01:00
parent 124df92609
commit f0e6d220a7
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
kernel/Makefile
View File

@ -142,17 +142,40 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
$(call if_changed,bc) $(call if_changed,bc)
ifeq ($(CONFIG_MODULE_SIG),y) ifeq ($(CONFIG_MODULE_SIG),y)
###############################################################################
# #
# Pull the signing certificate and any extra certificates into the kernel # Roll all the X.509 certificates that we can find together and pull
# them into the kernel.
# #
###############################################################################
X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
quiet_cmd_touch = TOUCH $@ ifeq ($(X509_CERTIFICATES),)
cmd_touch = touch $@ $(warning *** No X.509 certificates found ***)
endif
extra_certificates: ifneq ($(wildcard $(obj)/.x509.list),)
$(call cmd,touch) ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
$(info X.509 certificate list changed)
$(shell rm $(obj)/.x509.list)
endif
endif
kernel/modsign_certificate.o: signing_key.x509 extra_certificates kernel/modsign_certificate.o: $(obj)/x509_certificate_list
quiet_cmd_x509certs = CERTS $@
cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@
targets += $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
$(call if_changed,x509certs)
targets += $(obj)/.x509.list
$(obj)/.x509.list:
@echo $(X509_CERTIFICATES) >$@
clean-files := x509_certificate_list .x509.list
############################################################################### ###############################################################################
# #

3
kernel/modsign_certificate.S
View File

@ -7,6 +7,5 @@
.section ".init.data","aw" .section ".init.data","aw"
GLOBAL(modsign_certificate_list) GLOBAL(modsign_certificate_list)
.incbin "signing_key.x509" .incbin "kernel/x509_certificate_list"
.incbin "extra_certificates"
GLOBAL(modsign_certificate_list_end) GLOBAL(modsign_certificate_list_end)