c4c3610595
Place a system_extra_cert buffer of configurable size, right after the system_certificate_list, so that inserted keys can be readily processed by the existing mechanism.

Added script takes a key file and a kernel image and inserts its contents into the reserved area. The system_certificate_list_size is also adjusted accordingly.

Call the script as:

    scripts/insert-sys-cert -b <vmlinux> -c <certfile>

If vmlinux has no symbol table, supply the System.map file with the -s flag. Subsequent runs replace the previously inserted key, instead of appending the new one.

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
50 lines
1.8 KiB
Makefile
###
# scripts contains sources for various helper programs used throughout
# the kernel for the build process.
# ---------------------------------------------------------------------------
# kallsyms: Find all symbols in vmlinux
# pnmtologo: Convert pnm files to logo files
# conmakehash: Create chartable
# conmakehash: Create arrays for initializing the kernel console tables
# docproc: Used in Documentation/DocBook
# check-lc_ctype: Used in Documentation/DocBook

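# Extra include path applied to the host programs built from this directory.
HOST_EXTRACFLAGS += -I$(srctree)/tools/include

# Host programs selected by configuration.  Each entry is appended to
# hostprogs-y (or hostprogs-m) only when the CONFIG_/BUILD_ symbol in the
# variable name expands to y (or m); when the symbol is unset the entry lands
# in the unused "hostprogs-" variable and the program is not built.
hostprogs-$(CONFIG_KALLSYMS) += kallsyms
hostprogs-$(CONFIG_LOGO) += pnmtologo
hostprogs-$(CONFIG_VT) += conmakehash
hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount
hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable
hostprogs-$(CONFIG_ASN1) += asn1_compiler
hostprogs-$(CONFIG_MODULE_SIG) += sign-file
hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
# insert-sys-cert: per the commit that added it, this tool takes a certificate
# file and a kernel image and writes the certificate into the reserved
# system_extra_cert area that follows system_certificate_list, adjusting
# system_certificate_list_size.  A later run replaces the previously inserted
# key rather than appending to it.
# NOTE(review): the tool changes which keys an already-built image trusts, so
# any signature or hash taken of the image before insertion presumably has to
# be regenerated afterwards, and the inserted certificate is worth recording
# with the build -- confirm against the release process.
hostprogs-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert

# Per-object include paths for two of the host programs.
HOSTCFLAGS_sortextable.o = -I$(srctree)/tools/include
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
# sign-file and extract-cert link against libcrypto (-lcrypto) as resolved by
# the build host's toolchain.  insert-sys-cert has no extra library entry here.
HOSTLOADLIBES_sign-file = -lcrypto
HOSTLOADLIBES_extract-cert = -lcrypto

# kbuild's "always" list: the configured host programs.  ":=" snapshots the
# two lists at this point, so names appended to hostprogs-y further down the
# file are not part of it.
always := $(hostprogs-y) $(hostprogs-m)
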
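# The following hostprogs-y programs are only built on demand: they are
# appended after "always" has been assigned, so they are known to the host
# program rules without being part of the default build.
hostprogs-y += unifdef docproc check-lc_ctype

# These targets are used internally to avoid "is up to date" messages.
# Each one depends on the real binary under $(obj) and runs the no-op
# command "@:" (recipe lines must start with a hard tab).
PHONY += build_unifdef build_docproc build_check-lc_ctype
build_unifdef: $(obj)/unifdef
	@:
build_docproc: $(obj)/docproc
	@:
build_check-lc_ctype: $(obj)/check-lc_ctype
	@:
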
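# Subdirectories handled from here.  "mod" is always included; the others
# are added to subdir-y (or subdir-m) only when their CONFIG_ symbol expands
# to y (or m), and otherwise land in "subdir-".
subdir-$(CONFIG_MODVERSIONS) += genksyms
subdir-y += mod
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
subdir-$(CONFIG_DTC) += dtc
subdir-$(CONFIG_GDB_SCRIPTS) += gdb

# Let clean descend into subdirs
subdir- += basic kconfig package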