c4c3610595
Place a system_extra_cert buffer of configurable size, right after the system_certificate_list, so that inserted keys can be readily processed by the existing mechanism. Added script takes a key file and a kernel image and inserts its contents to the reserved area. The system_certificate_list_size is also adjusted accordingly. Call the script as: scripts/insert-sys-cert -b <vmlinux> -c <certfile> If vmlinux has no symbol table, supply System.map file with -s flag. Subsequent runs replace the previously inserted key, instead of appending the new one. Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
36 lines
907 B
ArmAsm
36 lines
907 B
ArmAsm
#include <linux/export.h>
|
|
#include <linux/init.h>
|
|
|
|
__INITRODATA
|
|
|
|
.align 8
|
|
.globl VMLINUX_SYMBOL(system_certificate_list)
|
|
VMLINUX_SYMBOL(system_certificate_list):
|
|
__cert_list_start:
|
|
#ifdef CONFIG_MODULE_SIG
|
|
.incbin "certs/signing_key.x509"
|
|
#endif
|
|
.incbin "certs/x509_certificate_list"
|
|
__cert_list_end:
|
|
|
|
#ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE
|
|
.globl VMLINUX_SYMBOL(system_extra_cert)
|
|
.size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
|
|
VMLINUX_SYMBOL(system_extra_cert):
|
|
.fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0
|
|
|
|
.globl VMLINUX_SYMBOL(system_extra_cert_used)
|
|
VMLINUX_SYMBOL(system_extra_cert_used):
|
|
.int 0
|
|
|
|
#endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */
|
|
|
|
.align 8
|
|
.globl VMLINUX_SYMBOL(system_certificate_list_size)
|
|
VMLINUX_SYMBOL(system_certificate_list_size):
|
|
#ifdef CONFIG_64BIT
|
|
.quad __cert_list_end - __cert_list_start
|
|
#else
|
|
.long __cert_list_end - __cert_list_start
|
|
#endif
|