forked from Minki/linux
3f1e1bea34
Move to using PKCS#7 messages as module signatures because: (1) We have to be able to support the use of X.509 certificates that don't have a subjKeyId set. We're currently relying on this to look up the X.509 certificate in the trusted keyring list. (2) PKCS#7 message signed information blocks have a field that supplies the data required to match with the X.509 certificate that signed it. (3) The PKCS#7 certificate carries fields that specify the digest algorithm used to generate the signature in a standardised way and the X.509 certificates specify the public key algorithm in a standardised way - so we don't need our own methods of specifying these. (4) We now have PKCS#7 message support in the kernel for signed kexec purposes and we can make use of this. To make this work, the old sign-file script has been replaced with a program that needs compiling in a previous patch. The rules to build it are added here. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Vivek Goyal <vgoyal@redhat.com> |
||
---|---|---|
.. | ||
calibrate.c | ||
do_mounts_initrd.c | ||
do_mounts_md.c | ||
do_mounts_rd.c | ||
do_mounts.c | ||
do_mounts.h | ||
init_task.c | ||
initramfs.c | ||
Kconfig | ||
main.c | ||
Makefile | ||
noinitramfs.c | ||
version.c |