diff options
author | Masahiro Yamada <masahiroy@kernel.org> | 2021-11-05 12:59:55 +0900 |
---|---|---|
committer | Masahiro Yamada <masahiroy@kernel.org> | 2021-12-11 22:09:14 +0900 |
commit | f3a2ba44e93e2c192a872f2705fe66dbf39708d6 (patch) | |
tree | 79cd91060c56ebbf0d3aff0a421e96b334bad7aa /certs/Makefile | |
parent | 54e2c77dd4cbf9bab5aa4ac8cf821005aaeb50fe (diff) |
certs: check-in the default x509 config file
When x509.genkey is created, it prints a log:
Generating X.509 key generation config
..., which is not the ordinary Kbuild log style.
Check-in the default config as certs/default_x509.genkey to make it
readable, and copy it to certs/x509.genkey if it is not present.
The log is shown in the Kbuild style.
COPY certs/x509.genkey
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Diffstat (limited to 'certs/Makefile')
-rw-r--r-- | certs/Makefile | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/certs/Makefile b/certs/Makefile index db1fd2f4b950..fc94a260e3f3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "### Key pair generated." @$(kecho) "###" +quiet_cmd_copy_x509_config = COPY $@ + cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ + +# You can provide your own config file. If not present, copy the default one. $(obj)/x509.genkey: - @$(kecho) Generating X.509 key generation config - @echo >$@ "[ req ]" - @echo >>$@ "default_bits = 4096" - @echo >>$@ "distinguished_name = req_distinguished_name" - @echo >>$@ "prompt = no" - @echo >>$@ "string_mask = utf8only" - @echo >>$@ "x509_extensions = myexts" - @echo >>$@ - @echo >>$@ "[ req_distinguished_name ]" - @echo >>$@ "#O = Unspecified company" - @echo >>$@ "CN = Build time autogenerated kernel key" - @echo >>$@ "#emailAddress = unspecified.user@unspecified.company" - @echo >>$@ - @echo >>$@ "[ myexts ]" - @echo >>$@ "basicConstraints=critical,CA:FALSE" - @echo >>$@ "keyUsage=digitalSignature" - @echo >>$@ "subjectKeyIdentifier=hash" - @echo >>$@ "authorityKeyIdentifier=keyid" + $(call cmd,copy_x509_config) + endif # CONFIG_MODULE_SIG_KEY $(eval $(call config_filename,MODULE_SIG_KEY)) |