KEYS: Reserve an extra certificate symbol for inserting without recompiling
author Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Tue, 24 Nov 2015 21:18:05 +0000 (16:18 -0500)
committer David Howells <dhowells@redhat.com>
Fri, 26 Feb 2016 15:30:20 +0000 (15:30 +0000)
commit c4c36105958576fee87d2c75f4b69b6e5bbde772
tree f4a8451b1471c4f87fab76f8aa613c5dc402ad8c
parent 5d06ee20b662a78417245714fc576cba90e6374f
KEYS: Reserve an extra certificate symbol for inserting without recompiling

Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size is also adjusted accordingly.

Call the script as:

    scripts/insert-sys-cert -b <vmlinux> -c <certfile>

If vmlinux has no symbol table, supply System.map file with -s flag.
Subsequent runs replace the previously inserted key, instead of appending
the new one.

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
certs/Kconfig
certs/system_certificates.S
scripts/.gitignore
scripts/Makefile
scripts/insert-sys-cert.c [new file with mode: 0644]
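
The replace-rather-than-append behaviour and the size adjustment that the commit message describes, as an added C model that is not the kernel's `scripts/insert-sys-cert.c`. The struct, its `extra_used` field, the function names and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified in-memory model (assumption, not the kernel's own layout code):
 * the built-in certificates are followed directly by the reserved area. */
#define BUILTIN_LEN  8   /* constructed stand-in for the built-in certificates */
#define RESERVED_LEN 16  /* constructed stand-in for the configured size */

struct cert_region {
    unsigned char data[BUILTIN_LEN + RESERVED_LEN]; /* list, then reserved area */
    size_t list_size;   /* models system_certificate_list_size */
    size_t extra_used;  /* hypothetical: bytes of the reserved area in use */
};

void region_init(struct cert_region *r)
{
    memset(r->data, 0, sizeof(r->data));
    memset(r->data, 0xAA, BUILTIN_LEN);  /* constructed built-in bytes */
    r->list_size = BUILTIN_LEN;
    r->extra_used = 0;
}

/* Returns 0 on success, -1 if the certificate does not fit the reserved area. */
int insert_extra_cert(struct cert_region *r, const unsigned char *cert, size_t len)
{
    unsigned char *extra = r->data + BUILTIN_LEN;

    if (len == 0 || len > RESERVED_LEN)
        return -1;  /* reject before modifying anything */

    memcpy(extra, cert, len);
    /* Clear the tail so bytes of a longer, earlier certificate do not linger. */
    memset(extra + len, 0, RESERVED_LEN - len);

    /* Replace, not append: remove the old contribution, add the new one. */
    r->list_size = r->list_size - r->extra_used + len;
    r->extra_used = len;
    return 0;
}
```
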