diff options
author | Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> | 2015-11-24 22:18:05 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-02-26 16:30:20 +0100 |
commit | c4c36105958576fee87d2c75f4b69b6e5bbde772 (patch) | |
tree | f4a8451b1471c4f87fab76f8aa613c5dc402ad8c /certs/system_certificates.S | |
parent | modsign: hide openssl output in silent builds (diff) | |
download | linux-c4c36105958576fee87d2c75f4b69b6e5bbde772.tar.xz linux-c4c36105958576fee87d2c75f4b69b6e5bbde772.zip |
KEYS: Reserve an extra certificate symbol for inserting without recompiling
Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size is also adjusted accordingly.
Call the script as:
scripts/insert-sys-cert -b <vmlinux> -c <certfile>
If vmlinux has no symbol table, supply System.map file with -s flag.
Subsequent runs replace the previously inserted key, instead of appending
the new one.
Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'certs/system_certificates.S')
-rw-r--r-- | certs/system_certificates.S | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/certs/system_certificates.S b/certs/system_certificates.S index 9216e8c81764..f82e1b22eac4 100644 --- a/certs/system_certificates.S +++ b/certs/system_certificates.S @@ -13,6 +13,18 @@ __cert_list_start: .incbin "certs/x509_certificate_list" __cert_list_end: +#ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE + .globl VMLINUX_SYMBOL(system_extra_cert) + .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE +VMLINUX_SYMBOL(system_extra_cert): + .fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0 + + .globl VMLINUX_SYMBOL(system_extra_cert_used) +VMLINUX_SYMBOL(system_extra_cert_used): + .int 0 + +#endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */ + .align 8 .globl VMLINUX_SYMBOL(system_certificate_list_size) VMLINUX_SYMBOL(system_certificate_list_size): |