summaryrefslogtreecommitdiffstats
path: root/certs/system_certificates.S
diff options
context:
space:
mode:
authorMehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>2015-11-24 22:18:05 +0100
committerDavid Howells <dhowells@redhat.com>2016-02-26 16:30:20 +0100
commitc4c36105958576fee87d2c75f4b69b6e5bbde772 (patch)
treef4a8451b1471c4f87fab76f8aa613c5dc402ad8c /certs/system_certificates.S
parentmodsign: hide openssl output in silent builds (diff)
downloadlinux-c4c36105958576fee87d2c75f4b69b6e5bbde772.tar.xz
linux-c4c36105958576fee87d2c75f4b69b6e5bbde772.zip
KEYS: Reserve an extra certificate symbol for inserting without recompiling
Place a system_extra_cert buffer of configurable size, right after the system_certificate_list, so that inserted keys can be readily processed by the existing mechanism. Added script takes a key file and a kernel image and inserts its contents to the reserved area. The system_certificate_list_size is also adjusted accordingly. Call the script as: scripts/insert-sys-cert -b <vmlinux> -c <certfile> If vmlinux has no symbol table, supply System.map file with -s flag. Subsequent runs replace the previously inserted key, instead of appending the new one. Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'certs/system_certificates.S')
-rw-r--r--certs/system_certificates.S12
1 files changed, 12 insertions, 0 deletions
diff --git a/certs/system_certificates.S b/certs/system_certificates.S
index 9216e8c81764..f82e1b22eac4 100644
--- a/certs/system_certificates.S
+++ b/certs/system_certificates.S
@@ -13,6 +13,18 @@ __cert_list_start:
.incbin "certs/x509_certificate_list"
__cert_list_end:
+#ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE
+ .globl VMLINUX_SYMBOL(system_extra_cert)
+ .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
+VMLINUX_SYMBOL(system_extra_cert):
+ .fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0
+
+ .globl VMLINUX_SYMBOL(system_extra_cert_used)
+VMLINUX_SYMBOL(system_extra_cert_used):
+ .int 0
+
+#endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */
+
.align 8
.globl VMLINUX_SYMBOL(system_certificate_list_size)
VMLINUX_SYMBOL(system_certificate_list_size):