linux_dsm_epyc7002/certs
Mehmet Kayaalp c4c3610595 KEYS: Reserve an extra certificate symbol for inserting without recompiling
Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size is also adjusted accordingly.

Call the script as:

    scripts/insert-sys-cert -b <vmlinux> -c <certfile>

If vmlinux has no symbol table, supply System.map file with -s flag.
Subsequent runs replace the previously inserted key, instead of appending
the new one.

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-02-26 15:30:20 +00:00
..
.gitignore certs: add .gitignore to stop git nagging about x509_certificate_list 2015-10-21 15:18:35 +01:00
Kconfig KEYS: Reserve an extra certificate symbol for inserting without recompiling 2016-02-26 15:30:20 +00:00
Makefile modsign: hide openssl output in silent builds 2016-02-26 11:16:38 +00:00
system_certificates.S KEYS: Reserve an extra certificate symbol for inserting without recompiling 2016-02-26 15:30:20 +00:00
system_keyring.c KEYS: Add an alloc flag to convey the builtinness of a key 2016-02-09 16:40:46 +00:00