Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

KEYS: Load *.x509 files into kernel keyring

Load all the files matching the pattern "*.x509" that are to be found in kernel
base source dir and base build dir into the module signing keyring.

The "extra_certificates" file is then redundant.

Signed-off-by: David Howells <dhowells@redhat.com>
David Howells 12 years ago
parent
124df92609
commit
f0e6d220a7
2 changed files with 30 additions and 8 deletions
Split View Show Diff Stats
  1. 29 6
      kernel/Makefile
  2. 1 2
      kernel/modsign_certificate.S

+ 29 - 6
kernel/Makefile
View File 

@@ -142,17 +142,40 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
 
 	$(call if_changed,bc)
 
 
 ifeq ($(CONFIG_MODULE_SIG),y)
 
+###############################################################################
 
 #
 
-# Pull the signing certificate and any extra certificates into the kernel
 
+# Roll all the X.509 certificates that we can find together and pull
 
+# them into the kernel.
 
 #
 
+###############################################################################
 
+X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
 
+X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
 
+X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
 
+
 
+ifeq ($(X509_CERTIFICATES),)
 
+$(warning *** No X.509 certificates found ***)
 
+endif
 
+
 
+ifneq ($(wildcard $(obj)/.x509.list),)
 
+ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
 
+$(info X.509 certificate list changed)
 
+$(shell rm $(obj)/.x509.list)
 
+endif
 
+endif
 
+
 
+kernel/modsign_certificate.o: $(obj)/x509_certificate_list
 
 
-quiet_cmd_touch = TOUCH   $@
 
-      cmd_touch = touch   $@
 
+quiet_cmd_x509certs  = CERTS   $@
 
+      cmd_x509certs  = cat $(X509_CERTIFICATES) /dev/null >$@
 
+targets += $(obj)/x509_certificate_list
 
+$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
 
+	$(call if_changed,x509certs)
 
 
-extra_certificates:
 
-	$(call cmd,touch)
 
+targets += $(obj)/.x509.list
 
+$(obj)/.x509.list:
 
+	@echo $(X509_CERTIFICATES) >$@
 
 
-kernel/modsign_certificate.o: signing_key.x509 extra_certificates
 
+clean-files := x509_certificate_list .x509.list
 
 
 ###############################################################################
 
 #

+ 1 - 2
kernel/modsign_certificate.S
View File 

@@ -7,6 +7,5 @@
 
 	.section ".init.data","aw"
 
 
 GLOBAL(modsign_certificate_list)
 
-	.incbin "signing_key.x509"
 
-	.incbin "extra_certificates"
 
+	.incbin "kernel/x509_certificate_list"
 
 GLOBAL(modsign_certificate_list_end)