summaryrefslogtreecommitdiff
path: root/certs/Makefile
diff options
context:
space:
mode:
authorMasahiro Yamada <masahiroy@kernel.org>2021-11-05 12:59:55 +0900
committerMasahiro Yamada <masahiroy@kernel.org>2021-12-11 22:09:14 +0900
commitf3a2ba44e93e2c192a872f2705fe66dbf39708d6 (patch)
tree79cd91060c56ebbf0d3aff0a421e96b334bad7aa /certs/Makefile
parent54e2c77dd4cbf9bab5aa4ac8cf821005aaeb50fe (diff)
certs: check-in the default x509 config file
When x509.genkey is created, it prints a log: Generating X.509 key generation config ..., which is not the ordinary Kbuild log style. Check-in the default config as certs/default_x509.genkey to make it readable, and copy it to certs/x509.genkey if it is not present. The log is shown in the Kbuild style. COPY certs/x509.genkey Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Diffstat (limited to 'certs/Makefile')
-rw-r--r--certs/Makefile24
1 files changed, 6 insertions, 18 deletions
diff --git a/certs/Makefile b/certs/Makefile
index db1fd2f4b950..fc94a260e3f3 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey
@$(kecho) "### Key pair generated."
@$(kecho) "###"
+quiet_cmd_copy_x509_config = COPY $@
+ cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@
+
+# You can provide your own config file. If not present, copy the default one.
$(obj)/x509.genkey:
- @$(kecho) Generating X.509 key generation config
- @echo >$@ "[ req ]"
- @echo >>$@ "default_bits = 4096"
- @echo >>$@ "distinguished_name = req_distinguished_name"
- @echo >>$@ "prompt = no"
- @echo >>$@ "string_mask = utf8only"
- @echo >>$@ "x509_extensions = myexts"
- @echo >>$@
- @echo >>$@ "[ req_distinguished_name ]"
- @echo >>$@ "#O = Unspecified company"
- @echo >>$@ "CN = Build time autogenerated kernel key"
- @echo >>$@ "#emailAddress = unspecified.user@unspecified.company"
- @echo >>$@
- @echo >>$@ "[ myexts ]"
- @echo >>$@ "basicConstraints=critical,CA:FALSE"
- @echo >>$@ "keyUsage=digitalSignature"
- @echo >>$@ "subjectKeyIdentifier=hash"
- @echo >>$@ "authorityKeyIdentifier=keyid"
+ $(call cmd,copy_x509_config)
+
endif # CONFIG_MODULE_SIG_KEY
$(eval $(call config_filename,MODULE_SIG_KEY))