diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-20 22:16:30 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-08-07 17:26:14 +0200 |
commit | fb1179499134bc718dc7557c7a6a95dc72f224cb (patch) | |
tree | 5a0b7e87708c275071f4c3079099854a13eee812 /init | |
parent | modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed (diff) | |
download | linux-fb1179499134bc718dc7557c7a6a95dc72f224cb.tar.xz linux-fb1179499134bc718dc7557c7a6a95dc72f224cb.zip |
modsign: Use single PEM file for autogenerated key
The current rule for generating signing_key.priv and signing_key.x509 is
a classic example of a bad rule which has a tendency to break parallel
make. When invoked to create *either* target, it generates the other
target as a side-effect that make didn't predict.
So let's switch to using a single file signing_key.pem which contains
both key and certificate. That matches what we do in the case of an
external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
slightly cleaner.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/init/Kconfig b/init/Kconfig index e2e0a1d27886..2b119850784b 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1950,7 +1950,7 @@ config MODULE_SIG_HASH config MODULE_SIG_KEY string "File name or PKCS#11 URI of module signing key" - default "signing_key.priv" + default "signing_key.pem" depends on MODULE_SIG help Provide the file name of a private key/certificate in PEM format, @@ -1958,7 +1958,7 @@ config MODULE_SIG_KEY the URI should identify, both the certificate and its corresponding private key. - If this option is unchanged from its default "signing_key.priv", + If this option is unchanged from its default "signing_key.pem", then the kernel will automatically generate the private key and certificate as described in Documentation/module-signing.txt |