diff options
author | Masahiro Yamada | 2021-11-05 12:59:55 +0900 |
---|---|---|
committer | Masahiro Yamada | 2021-12-11 22:09:14 +0900 |
commit | f3a2ba44e93e2c192a872f2705fe66dbf39708d6 (patch) | |
tree | 79cd91060c56ebbf0d3aff0a421e96b334bad7aa | |
parent | 54e2c77dd4cbf9bab5aa4ac8cf821005aaeb50fe (diff) |
certs: check-in the default x509 config file
When x509.genkey is created, it prints a log:
Generating X.509 key generation config
..., which is not the ordinary Kbuild log style.
Check-in the default config as certs/default_x509.genkey to make it
readable, and copy it to certs/x509.genkey if it is not present.
The log is shown in the Kbuild style.
COPY certs/x509.genkey
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
-rw-r--r-- | certs/Makefile | 24 | ||||
-rw-r--r-- | certs/default_x509.genkey | 17 |
2 files changed, 23 insertions, 18 deletions
diff --git a/certs/Makefile b/certs/Makefile index db1fd2f4b950..fc94a260e3f3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "### Key pair generated." @$(kecho) "###" +quiet_cmd_copy_x509_config = COPY $@ + cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ + +# You can provide your own config file. If not present, copy the default one. $(obj)/x509.genkey: - @$(kecho) Generating X.509 key generation config - @echo >$@ "[ req ]" - @echo >>$@ "default_bits = 4096" - @echo >>$@ "distinguished_name = req_distinguished_name" - @echo >>$@ "prompt = no" - @echo >>$@ "string_mask = utf8only" - @echo >>$@ "x509_extensions = myexts" - @echo >>$@ - @echo >>$@ "[ req_distinguished_name ]" - @echo >>$@ "#O = Unspecified company" - @echo >>$@ "CN = Build time autogenerated kernel key" - @echo >>$@ "#emailAddress = unspecified.user@unspecified.company" - @echo >>$@ - @echo >>$@ "[ myexts ]" - @echo >>$@ "basicConstraints=critical,CA:FALSE" - @echo >>$@ "keyUsage=digitalSignature" - @echo >>$@ "subjectKeyIdentifier=hash" - @echo >>$@ "authorityKeyIdentifier=keyid" + $(call cmd,copy_x509_config) + endif # CONFIG_MODULE_SIG_KEY $(eval $(call config_filename,MODULE_SIG_KEY)) diff --git a/certs/default_x509.genkey b/certs/default_x509.genkey new file mode 100644 index 000000000000..d4c6628cb8e5 --- /dev/null +++ b/certs/default_x509.genkey @@ -0,0 +1,17 @@ +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = myexts + +[ req_distinguished_name ] +#O = Unspecified company +CN = Build time autogenerated kernel key +#emailAddress = unspecified.user@unspecified.company + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid |