certs: check-in the default x509 config file
When x509.genkey is created, it prints a log: Generating X.509 key generation config ..., which is not the ordinary Kbuild log style. Check-in the default config as certs/default_x509.genkey to make it readable, and copy it to certs/x509.genkey if it is not present. The log is shown in the Kbuild style. COPY certs/x509.genkey Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
parent
54e2c77dd4
commit
f3a2ba44e9
|
@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey
|
|||
@$(kecho) "### Key pair generated."
|
||||
@$(kecho) "###"
|
||||
|
||||
quiet_cmd_copy_x509_config = COPY $@
|
||||
cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@
|
||||
|
||||
# You can provide your own config file. If not present, copy the default one.
|
||||
$(obj)/x509.genkey:
|
||||
@$(kecho) Generating X.509 key generation config
|
||||
@echo >$@ "[ req ]"
|
||||
@echo >>$@ "default_bits = 4096"
|
||||
@echo >>$@ "distinguished_name = req_distinguished_name"
|
||||
@echo >>$@ "prompt = no"
|
||||
@echo >>$@ "string_mask = utf8only"
|
||||
@echo >>$@ "x509_extensions = myexts"
|
||||
@echo >>$@
|
||||
@echo >>$@ "[ req_distinguished_name ]"
|
||||
@echo >>$@ "#O = Unspecified company"
|
||||
@echo >>$@ "CN = Build time autogenerated kernel key"
|
||||
@echo >>$@ "#emailAddress = unspecified.user@unspecified.company"
|
||||
@echo >>$@
|
||||
@echo >>$@ "[ myexts ]"
|
||||
@echo >>$@ "basicConstraints=critical,CA:FALSE"
|
||||
@echo >>$@ "keyUsage=digitalSignature"
|
||||
@echo >>$@ "subjectKeyIdentifier=hash"
|
||||
@echo >>$@ "authorityKeyIdentifier=keyid"
|
||||
$(call cmd,copy_x509_config)
|
||||
|
||||
endif # CONFIG_MODULE_SIG_KEY
|
||||
|
||||
$(eval $(call config_filename,MODULE_SIG_KEY))
|
||||
|
|
|
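Review bot: The comment above `$(obj)/x509.genkey:` says you can provide your own config, but not that an existing file is never refreshed. The rule has no prerequisites, so a `certs/x509.genkey` left over from an earlier build keeps deciding the key size and certificate extensions used for `signing_key.pem`, even after `default_x509.genkey` changes. I would state that in the comment, e.g. `# An existing $(obj)/x509.genkey is used as-is and never overwritten; remove it to pick up changes to default_x509.genkey.` The same caveat is worth a `#` header line in the new `default_x509.genkey`, since that is where someone would edit `default_bits` or `[ myexts ]`. A short reason for `cat ... > $@` rather than `cp` in `cmd_copy_x509_config` would also help (presumably so the copy does not inherit the source file's mode); the enclosing conditional that ends at `endif # CONFIG_MODULE_SIG_KEY` starts outside the hunk.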
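--- /dev/null
+++ b/certs/default_x509.genkey
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = myexts
+
+[ req_distinguished_name ]
+#O = Unspecified company
+CN = Build time autogenerated kernel key
+#emailAddress = unspecified.user@unspecified.company
+
+[ myexts ]
+basicConstraints=critical,CA:FALSE
+keyUsage=digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid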