[linux-2.6-block.git] / kernel / Makefile

#
# Makefile for the linux kernel.
#

obj-y     = fork.o exec_domain.o panic.o \
	    cpu.o exit.o itimer.o time.o softirq.o resource.o \
	    sysctl.o sysctl_binary.o capability.o ptrace.o timer.o user.o \
	    signal.o sys.o kmod.o workqueue.o pid.o task_work.o \
	    rcupdate.o extable.o params.o posix-timers.o \
	    kthread.o wait.o sys_ni.o posix-cpu-timers.o mutex.o \
	    hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \
	    notifier.o ksysfs.o cred.o reboot.o \
	    async.o range.o groups.o lglock.o smpboot.o

ifdef CONFIG_FUNCTION_TRACER
# Do not trace debug files and internal ftrace files
CFLAGS_REMOVE_lockdep.o = -pg
CFLAGS_REMOVE_lockdep_proc.o = -pg
CFLAGS_REMOVE_mutex-debug.o = -pg
CFLAGS_REMOVE_rtmutex-debug.o = -pg
CFLAGS_REMOVE_cgroup-debug.o = -pg
CFLAGS_REMOVE_irq_work.o = -pg
endif

obj-y += sched/
obj-y += power/
obj-y += printk/
obj-y += cpu/
obj-y += irq/

obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
obj-$(CONFIG_FREEZER) += freezer.o
obj-$(CONFIG_PROFILING) += profile.o
obj-$(CONFIG_STACKTRACE) += stacktrace.o
obj-y += time/
obj-$(CONFIG_DEBUG_MUTEXES) += mutex-debug.o
obj-$(CONFIG_LOCKDEP) += lockdep.o
ifeq ($(CONFIG_PROC_FS),y)
obj-$(CONFIG_LOCKDEP) += lockdep_proc.o
endif
obj-$(CONFIG_FUTEX) += futex.o
ifeq ($(CONFIG_COMPAT),y)
obj-$(CONFIG_FUTEX) += futex_compat.o
endif
obj-$(CONFIG_RT_MUTEXES) += rtmutex.o
obj-$(CONFIG_DEBUG_RT_MUTEXES) += rtmutex-debug.o
obj-$(CONFIG_RT_MUTEX_TESTER) += rtmutex-tester.o
obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
obj-$(CONFIG_SMP) += smp.o
ifneq ($(CONFIG_SMP),y)
obj-y += up.o
endif
obj-$(CONFIG_SMP) += spinlock.o
obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o
obj-$(CONFIG_PROVE_LOCKING) += spinlock.o
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_KEXEC) += kexec.o
obj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o
obj-$(CONFIG_COMPAT) += compat.o
obj-$(CONFIG_CGROUPS) += cgroup.o
obj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o
obj-$(CONFIG_CPUSETS) += cpuset.o
obj-$(CONFIG_UTS_NS) += utsname.o
obj-$(CONFIG_USER_NS) += user_namespace.o
obj-$(CONFIG_PID_NS) += pid_namespace.o
obj-$(CONFIG_IKCONFIG) += configs.o
obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o
obj-$(CONFIG_SMP) += stop_machine.o
obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o
obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
obj-$(CONFIG_AUDITSYSCALL) += auditsc.o
obj-$(CONFIG_AUDIT_WATCH) += audit_watch.o
obj-$(CONFIG_AUDIT_TREE) += audit_tree.o
obj-$(CONFIG_GCOV_KERNEL) += gcov/
obj-$(CONFIG_KPROBES) += kprobes.o
obj-$(CONFIG_KGDB) += debug/
obj-$(CONFIG_DETECT_HUNG_TASK) += hung_task.o
obj-$(CONFIG_LOCKUP_DETECTOR) += watchdog.o
obj-$(CONFIG_SECCOMP) += seccomp.o
obj-$(CONFIG_RCU_TORTURE_TEST) += rcutorture.o
obj-$(CONFIG_TREE_RCU) += rcutree.o
obj-$(CONFIG_TREE_PREEMPT_RCU) += rcutree.o
obj-$(CONFIG_TREE_RCU_TRACE) += rcutree_trace.o
obj-$(CONFIG_TINY_RCU) += rcutiny.o
obj-$(CONFIG_TINY_PREEMPT_RCU) += rcutiny.o
obj-$(CONFIG_RELAY) += relay.o
obj-$(CONFIG_SYSCTL) += utsname_sysctl.o
obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o
obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o
obj-$(CONFIG_TRACEPOINTS) += tracepoint.o
obj-$(CONFIG_LATENCYTOP) += latencytop.o
obj-$(CONFIG_BINFMT_ELF) += elfcore.o
obj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o
obj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o
obj-$(CONFIG_FUNCTION_TRACER) += trace/
obj-$(CONFIG_TRACING) += trace/
obj-$(CONFIG_TRACE_CLOCK) += trace/
obj-$(CONFIG_RING_BUFFER) += trace/
obj-$(CONFIG_TRACEPOINTS) += trace/
obj-$(CONFIG_IRQ_WORK) += irq_work.o
obj-$(CONFIG_CPU_PM) += cpu_pm.o

obj-$(CONFIG_PERF_EVENTS) += events/

obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
obj-$(CONFIG_PADATA) += padata.o
obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
obj-$(CONFIG_JUMP_LABEL) += jump_label.o
obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o

$(obj)/configs.o: $(obj)/config_data.h

# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
$(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE
	$(call if_changed,gzip)

      filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/bin2c; echo "MAGIC_END;")
targets += config_data.h
$(obj)/config_data.h: $(obj)/config_data.gz FORCE
	$(call filechk,ikconfiggz)

$(obj)/time.o: $(obj)/timeconst.h

quiet_cmd_hzfile = HZFILE  $@
      cmd_hzfile = echo "hz=$(CONFIG_HZ)" > $@

targets += hz.bc
$(obj)/hz.bc: $(objtree)/include/config/hz.h FORCE
	$(call if_changed,hzfile)

quiet_cmd_bc  = BC      $@
      cmd_bc  = bc -q $(filter-out FORCE,$^) > $@

targets += timeconst.h
$(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
	$(call if_changed,bc)

###############################################################################
#
# Roll all the X.509 certificates that we can find together and pull them into
# the kernel so that they get loaded into the system trusted keyring during
# boot.
#
# We look in the source root and the build root for all files whose name ends
# in ".x509".  Unfortunately, this will generate duplicate filenames, so we
# have make canonicalise the pathnames and then sort them to discard the
# duplicates.
#
###############################################################################
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
X509_CERTIFICATES := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
				$(or $(realpath $(CERT)),$(CERT))))

ifeq ($(X509_CERTIFICATES),)
$(warning *** No X.509 certificates found ***)
endif

ifneq ($(wildcard $(obj)/.x509.list),)
ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
$(info X.509 certificate list changed)
$(shell rm $(obj)/.x509.list)
endif
endif

kernel/system_certificates.o: $(obj)/x509_certificate_list

quiet_cmd_x509certs  = CERTS   $@
      cmd_x509certs  = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo "  - Including cert $(X509)")

targets += $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
	$(call if_changed,x509certs)

targets += $(obj)/.x509.list
$(obj)/.x509.list:
	@echo $(X509_CERTIFICATES) >$@

clean-files := x509_certificate_list .x509.list
endif

ifeq ($(CONFIG_MODULE_SIG),y)
###############################################################################
#
# If module signing is requested, say by allyesconfig, but a key has not been
# supplied, then one will need to be generated to make sure the build does not
# fail and that the kernel may be used afterwards.
#
###############################################################################
ifndef CONFIG_MODULE_SIG_HASH
$(error Could not determine digest type to use from kernel config)
endif

signing_key.priv signing_key.x509: x509.genkey
	@echo "###"
	@echo "### Now generating an X.509 key pair to be used for signing modules."
	@echo "###"
	@echo "### If this takes a long time, you might wish to run rngd in the"
	@echo "### background to keep the supply of entropy topped up.  It"
	@echo "### needs to be run as root, and uses a hardware random"
	@echo "### number generator if one is available."
	@echo "###"
	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
		-batch -x509 -config x509.genkey \
		-outform DER -out signing_key.x509 \
		-keyout signing_key.priv 2>&1
	@echo "###"
	@echo "### Key pair generated."
	@echo "###"

x509.genkey:
	@echo Generating X.509 key generation config
	@echo  >x509.genkey "[ req ]"
	@echo >>x509.genkey "default_bits = 4096"
	@echo >>x509.genkey "distinguished_name = req_distinguished_name"
	@echo >>x509.genkey "prompt = no"
	@echo >>x509.genkey "string_mask = utf8only"
	@echo >>x509.genkey "x509_extensions = myexts"
	@echo >>x509.genkey
	@echo >>x509.genkey "[ req_distinguished_name ]"
	@echo >>x509.genkey "O = Magrathea"
	@echo >>x509.genkey "CN = Glacier signing key"
	@echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2"
	@echo >>x509.genkey
	@echo >>x509.genkey "[ myexts ]"
	@echo >>x509.genkey "basicConstraints=critical,CA:FALSE"
	@echo >>x509.genkey "keyUsage=digitalSignature"
	@echo >>x509.genkey "subjectKeyIdentifier=hash"
	@echo >>x509.genkey "authorityKeyIdentifier=keyid"
endif
Commit	Line	Data
1da177e4 LT	1	#
	2	# Makefile for the linux kernel.
	3	#
	4
b9ee979e	5	obj-y = fork.o exec_domain.o panic.o \
68f4f1ec	6	cpu.o exit.o itimer.o time.o softirq.o resource.o \
afa588b2	7	sysctl.o sysctl_binary.o capability.o ptrace.o timer.o user.o \
e73f8959	8	signal.o sys.o kmod.o workqueue.o pid.o task_work.o \
e260be67	9	rcupdate.o extable.o params.o posix-timers.o \
c759b35e	10	kthread.o wait.o sys_ni.o posix-cpu-timers.o mutex.o \
64ac24e7	11	hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \
15d94b82	12	notifier.o ksysfs.o cred.o reboot.o \
3180d89b	13	async.o range.o groups.o lglock.o smpboot.o
029632fb	14
606576ce	15	ifdef CONFIG_FUNCTION_TRACER
6ec56232 SR	16	# Do not trace debug files and internal ftrace files
	17	CFLAGS_REMOVE_lockdep.o = -pg
	18	CFLAGS_REMOVE_lockdep_proc.o = -pg
	19	CFLAGS_REMOVE_mutex-debug.o = -pg
	20	CFLAGS_REMOVE_rtmutex-debug.o = -pg
	21	CFLAGS_REMOVE_cgroup-debug.o = -pg
e360adbe	22	CFLAGS_REMOVE_irq_work.o = -pg
1d09daa5 SR	23	endif
1d09daa5 SR	24
391e43da	25	obj-y += sched/
dae5cbc2	26	obj-y += power/
b9ee979e	27	obj-y += printk/
a1a04ec3	28	obj-y += cpu/
0244ad00	29	obj-y += irq/
391e43da	30
1e142b29	31	obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o
8174f150	32	obj-$(CONFIG_FREEZER) += freezer.o
b03f6489	33	obj-$(CONFIG_PROFILING) += profile.o
8637c099	34	obj-$(CONFIG_STACKTRACE) += stacktrace.o
ad596171	35	obj-y += time/
408894ee	36	obj-$(CONFIG_DEBUG_MUTEXES) += mutex-debug.o
fbb9ce95	37	obj-$(CONFIG_LOCKDEP) += lockdep.o
a8f24a39 IM	38	ifeq ($(CONFIG_PROC_FS),y)
	39	obj-$(CONFIG_LOCKDEP) += lockdep_proc.o
	40	endif
1da177e4	41	obj-$(CONFIG_FUTEX) += futex.o
34f192c6 IM	42	ifeq ($(CONFIG_COMPAT),y)
	43	obj-$(CONFIG_FUTEX) += futex_compat.o
	44	endif
23f78d4a	45	obj-$(CONFIG_RT_MUTEXES) += rtmutex.o
e7eebaf6	46	obj-$(CONFIG_DEBUG_RT_MUTEXES) += rtmutex-debug.o
61a87122	47	obj-$(CONFIG_RT_MUTEX_TESTER) += rtmutex-tester.o
1da177e4	48	obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o
351f8f8e	49	obj-$(CONFIG_SMP) += smp.o
9316fcac	50	ifneq ($(CONFIG_SMP),y)
53ce3d95 AM	51	obj-y += up.o
53ce3d95 AM	52	endif
68f4f1ec	53	obj-$(CONFIG_SMP) += spinlock.o
fb1c8f93	54	obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o
8a25d5de	55	obj-$(CONFIG_PROVE_LOCKING) += spinlock.o
1da177e4	56	obj-$(CONFIG_UID16) += uid16.o
b56e5a17	57	obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
1da177e4	58	obj-$(CONFIG_MODULES) += module.o
b56e5a17	59	obj-$(CONFIG_MODULE_SIG) += module_signing.o
1da177e4	60	obj-$(CONFIG_KALLSYMS) += kallsyms.o
1da177e4	61	obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
dc009d92	62	obj-$(CONFIG_KEXEC) += kexec.o
6dab2778	63	obj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o
1da177e4	64	obj-$(CONFIG_COMPAT) += compat.o
ddbcc7e8	65	obj-$(CONFIG_CGROUPS) += cgroup.o
dc52ddc0	66	obj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o
1da177e4	67	obj-$(CONFIG_CPUSETS) += cpuset.o
aee16ce7 PE	68	obj-$(CONFIG_UTS_NS) += utsname.o
aee16ce7 PE	69	obj-$(CONFIG_USER_NS) += user_namespace.o
74bd59bb	70	obj-$(CONFIG_PID_NS) += pid_namespace.o
1da177e4	71	obj-$(CONFIG_IKCONFIG) += configs.o
e552b661	72	obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o
bbf1bb3e	73	obj-$(CONFIG_SMP) += stop_machine.o
8c1c9356	74	obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o
939a67fc	75	obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
1da177e4	76	obj-$(CONFIG_AUDITSYSCALL) += auditsc.o
939a67fc	77	obj-$(CONFIG_AUDIT_WATCH) += audit_watch.o
74c3cbe3	78	obj-$(CONFIG_AUDIT_TREE) += audit_tree.o
939a67fc	79	obj-$(CONFIG_GCOV_KERNEL) += gcov/
1da177e4	80	obj-$(CONFIG_KPROBES) += kprobes.o
c4338209	81	obj-$(CONFIG_KGDB) += debug/
e162b39a	82	obj-$(CONFIG_DETECT_HUNG_TASK) += hung_task.o
58687acb	83	obj-$(CONFIG_LOCKUP_DETECTOR) += watchdog.o
1da177e4	84	obj-$(CONFIG_SECCOMP) += seccomp.o
a241ec65	85	obj-$(CONFIG_RCU_TORTURE_TEST) += rcutorture.o
64db4cff	86	obj-$(CONFIG_TREE_RCU) += rcutree.o
f41d911f	87	obj-$(CONFIG_TREE_PREEMPT_RCU) += rcutree.o
64db4cff	88	obj-$(CONFIG_TREE_RCU_TRACE) += rcutree_trace.o
9b1d82fa	89	obj-$(CONFIG_TINY_RCU) += rcutiny.o
a57eb940	90	obj-$(CONFIG_TINY_PREEMPT_RCU) += rcutiny.o
b86ff981	91	obj-$(CONFIG_RELAY) += relay.o
39732acd	92	obj-$(CONFIG_SYSCTL) += utsname_sysctl.o
ca74e92b	93	obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o
f3cef7a9	94	obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o
97e1c18e	95	obj-$(CONFIG_TRACEPOINTS) += tracepoint.o
9745512c	96	obj-$(CONFIG_LATENCYTOP) += latencytop.o
1fcccbac DH	97	obj-$(CONFIG_BINFMT_ELF) += elfcore.o
	98	obj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o
	99	obj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o
606576ce	100	obj-$(CONFIG_FUNCTION_TRACER) += trace/
bc0c38d1	101	obj-$(CONFIG_TRACING) += trace/
ea632e9f	102	obj-$(CONFIG_TRACE_CLOCK) += trace/
1155de47	103	obj-$(CONFIG_RING_BUFFER) += trace/
870915e0	104	obj-$(CONFIG_TRACEPOINTS) += trace/
e360adbe	105	obj-$(CONFIG_IRQ_WORK) += irq_work.o
ab10023e	106	obj-$(CONFIG_CPU_PM) += cpu_pm.o
fae85b7c BP	107
	108	obj-$(CONFIG_PERF_EVENTS) += events/
	109
7a041097	110	obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o
16295bec	111	obj-$(CONFIG_PADATA) += padata.o
93a72052	112	obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
b77f0f3c	113	obj-$(CONFIG_JUMP_LABEL) += jump_label.o
91d1aa43	114	obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
1da177e4	115
1da177e4 LT	116	$(obj)/configs.o: $(obj)/config_data.h
	117
	118	# config_data.h contains the same information as ikconfig.h but gzipped.
	119	# Info from config_data can be extracted from /proc/config*
	120	targets += config_data.gz
41263fc6	121	$(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE
1da177e4 LT	122	$(call if_changed,gzip)
1da177e4 LT	123
e78e8f2d	124	filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< \| scripts/bin2c; echo "MAGIC_END;")
1da177e4 LT	125	targets += config_data.h
1da177e4 LT	126	$(obj)/config_data.h: $(obj)/config_data.gz FORCE
e78e8f2d	127	$(call filechk,ikconfiggz)
bdc80787 PA	128
	129	$(obj)/time.o: $(obj)/timeconst.h
	130
70730bca PA	131	quiet_cmd_hzfile = HZFILE $@
	132	cmd_hzfile = echo "hz=$(CONFIG_HZ)" > $@
	133
	134	targets += hz.bc
	135	$(obj)/hz.bc: $(objtree)/include/config/hz.h FORCE
	136	$(call if_changed,hzfile)
	137
	138	quiet_cmd_bc = BC $@
	139	cmd_bc = bc -q $(filter-out FORCE,$^) > $@
	140
bdc80787	141	targets += timeconst.h
70730bca PA	142	$(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
70730bca PA	143	$(call if_changed,bc)
d441108c	144
f0e6d220	145	###############################################################################
631cc66e	146	#
0fbd39cf	147	# Roll all the X.509 certificates that we can find together and pull them into
b56e5a17 DH	148	# the kernel so that they get loaded into the system trusted keyring during
b56e5a17 DH	149	# boot.
0fbd39cf DH	150	#
	151	# We look in the source root and the build root for all files whose name ends
	152	# in ".x509". Unfortunately, this will generate duplicate filenames, so we
	153	# have make canonicalise the pathnames and then sort them to discard the
	154	# duplicates.
631cc66e	155	#
f0e6d220	156	###############################################################################
b56e5a17	157	ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
f0e6d220 DH	158	X509_CERTIFICATES-y := $(wildcard .x509) $(wildcard $(srctree)/.x509)
f0e6d220 DH	159	X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
0fbd39cf DH	160	X509_CERTIFICATES := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
0fbd39cf DH	161	$(or $(realpath $(CERT)),$(CERT))))
f0e6d220 DH	162
	163	ifeq ($(X509_CERTIFICATES),)
	164	$(warning * No X.509 certificates found *)
	165	endif
	166
	167	ifneq ($(wildcard $(obj)/.x509.list),)
	168	ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
	169	$(info X.509 certificate list changed)
	170	$(shell rm $(obj)/.x509.list)
	171	endif
	172	endif
	173
b56e5a17	174	kernel/system_certificates.o: $(obj)/x509_certificate_list
e10e1774	175
f0e6d220	176	quiet_cmd_x509certs = CERTS $@
b56e5a17 DH	177	cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)")
b56e5a17 DH	178
f0e6d220 DH	179	targets += $(obj)/x509_certificate_list
	180	$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
	181	$(call if_changed,x509certs)
e10e1774	182
f0e6d220 DH	183	targets += $(obj)/.x509.list
	184	$(obj)/.x509.list:
	185	@echo $(X509_CERTIFICATES) >$@
631cc66e	186
f0e6d220	187	clean-files := x509_certificate_list .x509.list
b56e5a17	188	endif
d441108c	189
b56e5a17	190	ifeq ($(CONFIG_MODULE_SIG),y)
d441108c DH	191	###############################################################################
	192	#
	193	# If module signing is requested, say by allyesconfig, but a key has not been
	194	# supplied, then one will need to be generated to make sure the build does not
	195	# fail and that the kernel may be used afterwards.
	196	#
	197	###############################################################################
22753674	198	ifndef CONFIG_MODULE_SIG_HASH
5e8cb1e4 DH	199	$(error Could not determine digest type to use from kernel config)
	200	endif
	201
d441108c DH	202	signing_key.priv signing_key.x509: x509.genkey
	203	@echo "###"
	204	@echo "### Now generating an X.509 key pair to be used for signing modules."
	205	@echo "###"
	206	@echo "### If this takes a long time, you might wish to run rngd in the"
	207	@echo "### background to keep the supply of entropy topped up. It"
2008713c PA	208	@echo "### needs to be run as root, and uses a hardware random"
2008713c PA	209	@echo "### number generator if one is available."
d441108c	210	@echo "###"
22753674 MM	211	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
22753674 MM	212	-batch -x509 -config x509.genkey \
d441108c	213	-outform DER -out signing_key.x509 \
07c449bb	214	-keyout signing_key.priv 2>&1
d441108c DH	215	@echo "###"
	216	@echo "### Key pair generated."
	217	@echo "###"
	218
	219	x509.genkey:
	220	@echo Generating X.509 key generation config
	221	@echo >x509.genkey "[ req ]"
	222	@echo >>x509.genkey "default_bits = 4096"
	223	@echo >>x509.genkey "distinguished_name = req_distinguished_name"
	224	@echo >>x509.genkey "prompt = no"
e7d113bc	225	@echo >>x509.genkey "string_mask = utf8only"
d441108c DH	226	@echo >>x509.genkey "x509_extensions = myexts"
	227	@echo >>x509.genkey
	228	@echo >>x509.genkey "[ req_distinguished_name ]"
	229	@echo >>x509.genkey "O = Magrathea"
	230	@echo >>x509.genkey "CN = Glacier signing key"
	231	@echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2"
	232	@echo >>x509.genkey
	233	@echo >>x509.genkey "[ myexts ]"
	234	@echo >>x509.genkey "basicConstraints=critical,CA:FALSE"
	235	@echo >>x509.genkey "keyUsage=digitalSignature"
	236	@echo >>x509.genkey "subjectKeyIdentifier=hash"
	237	@echo >>x509.genkey "authorityKeyIdentifier=keyid"
	238	endif