bin2c: move bin2c in scripts/basic

This patch series does not do kernel signature verification yet.  I plan
to post another patch series for that.  Now distributions are already
signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
those signatures.

Primary goal of this patchset is to prepare groundwork so that kernel
image can be signed and signatures be verified during kexec load.  This
should help with two things.

- It should allow kexec/kdump on secureboot enabled machines.

- In general it can help even without secureboot. By being able to verify
  kernel image signature in kexec, it should help with avoiding module
  signing restrictions. Matthew Garret showed how to boot into a custom
  kernel, modify first kernel's memory and then jump back to old kernel and
  bypass any policy one wants to.

This patch (of 15):

Kexec wants to use bin2c and it wants to use it really early in the build
process. See arch/x86/purgatory/ code in later patches.

So move bin2c in scripts/basic so that it can be built very early and
be usable by arch/x86/purgatory/

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Vivek Goyal 2014-08-08 14:25:38 -07:00 committed by Linus Torvalds
parent 05f65b5c70
commit 8370edea81
6 changed files with 6 additions and 7 deletions

View File

@ -105,7 +105,7 @@ targets += config_data.gz
$(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE $(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE
$(call if_changed,gzip) $(call if_changed,gzip)
filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/bin2c; echo "MAGIC_END;") filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/basic/bin2c; echo "MAGIC_END;")
targets += config_data.h targets += config_data.h
$(obj)/config_data.h: $(obj)/config_data.gz FORCE $(obj)/config_data.h: $(obj)/config_data.gz FORCE
$(call filechk,ikconfiggz) $(call filechk,ikconfiggz)

1
scripts/.gitignore vendored
View File

@ -4,7 +4,6 @@
conmakehash conmakehash
kallsyms kallsyms
pnmtologo pnmtologo
bin2c
unifdef unifdef
ihex2fw ihex2fw
recordmcount recordmcount

View File

@ -13,7 +13,6 @@ HOST_EXTRACFLAGS += -I$(srctree)/tools/include
hostprogs-$(CONFIG_KALLSYMS) += kallsyms hostprogs-$(CONFIG_KALLSYMS) += kallsyms
hostprogs-$(CONFIG_LOGO) += pnmtologo hostprogs-$(CONFIG_LOGO) += pnmtologo
hostprogs-$(CONFIG_VT) += conmakehash hostprogs-$(CONFIG_VT) += conmakehash
hostprogs-$(CONFIG_IKCONFIG) += bin2c
hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount
hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable
hostprogs-$(CONFIG_ASN1) += asn1_compiler hostprogs-$(CONFIG_ASN1) += asn1_compiler

View File

@ -1 +1,2 @@
fixdep fixdep
bin2c

View File

@ -9,6 +9,7 @@
# fixdep: Used to generate dependency information during build process # fixdep: Used to generate dependency information during build process
hostprogs-y := fixdep hostprogs-y := fixdep
hostprogs-$(CONFIG_IKCONFIG) += bin2c
always := $(hostprogs-y) always := $(hostprogs-y)
# fixdep is needed to compile other host programs # fixdep is needed to compile other host programs

View File

@ -11,7 +11,7 @@
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int ch, total=0; int ch, total = 0;
if (argc > 1) if (argc > 1)
printf("const char %s[] %s=\n", printf("const char %s[] %s=\n",
@ -19,10 +19,9 @@ int main(int argc, char *argv[])
do { do {
printf("\t\""); printf("\t\"");
while ((ch = getchar()) != EOF) while ((ch = getchar()) != EOF) {
{
total++; total++;
printf("\\x%02x",ch); printf("\\x%02x", ch);
if (total % 16 == 0) if (total % 16 == 0)
break; break;
} }