KEYS: Reserve an extra certificate symbol for inserting without recompiling
Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size is also adjusted accordingly.
Call the script as:
scripts/insert-sys-cert -b <vmlinux> -c <certfile>
If vmlinux has no symbol table, supply System.map file with -s flag.
Subsequent runs replace the previously inserted key, instead of appending
the new one.
Signed-off-by: 
Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: 
David Howells <dhowells@redhat.com>
Acked-by: 
Mimi Zohar <zohar@linux.vnet.ibm.com>
Showing
- certs/Kconfig 16 additions, 0 deletionscerts/Kconfig
- certs/system_certificates.S 12 additions, 0 deletionscerts/system_certificates.S
- scripts/.gitignore 1 addition, 0 deletionsscripts/.gitignore
- scripts/Makefile 1 addition, 0 deletionsscripts/Makefile
- scripts/insert-sys-cert.c 410 additions, 0 deletionsscripts/insert-sys-cert.c
Loading
Please register or sign in to comment