summaryrefslogtreecommitdiffstats
path: root/kernel/system_certificates.S (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move certificate handling to its own directoryDavid Howells2015-08-141-23/+0
| | | | | | | | | Move certificate handling out of the kernel/ directory and into a certs/ directory to get all the weird stuff in one place and move the generated signing keys into this directory. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
* modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYSDavid Woodhouse2015-08-121-0/+3
| | | | | | | Fix up the dependencies somewhat too, while we're at it. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: correct alignment of system_certificate_list content in assembly fileHendrik Brueckner2013-12-101-2/+12
| | | | | | | | | | | | | | | | | | | Apart from data-type specific alignment constraints, there are also architecture-specific alignment requirements. For example, on s390 symbols must be on even addresses implying a 2-byte alignment. If the system_certificate_list_end symbol is on an odd address and if this address is loaded, the least-significant bit is ignored. As a result, the load_system_certificate_list() fails to load the certificates because of a wrong certificate length calculation. To be safe, align system_certificate_list on an 8-byte boundary. Also improve the length calculation of the system_certificate_list content. Introduce a system_certificate_list_size (8-byte aligned because of unsigned long) variable that stores the length. Let the linker calculate this size by introducing a start and end label for the certificate content. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
* kernel/system_certificate.S: use real contents instead of macro GLOBAL()Chen Gang2013-10-301-6/+4
| | | | | | | | | | | | | | | | | If a macro is only used within 2 times, and also its contents are within 2 lines, recommend to expand it to shrink code line. For our case, the macro is not portable either: some architectures' assembler may use another character to mark newline in a macro (e.g. '`' for arc), which will cause issue. If still want to use macro and let it portable enough, it will also need include additional header file (e.g "#include <linux/linkage.h>", although it also need be fixed). Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Separate the kernel signature checking keyring from module signingDavid Howells2013-09-251-0/+12
Separate the kernel signature checking keyring from module signing so that it can be used by code other than the module-signing code. Signed-off-by: David Howells <dhowells@redhat.com>