From f3a2ba44e93e2c192a872f2705fe66dbf39708d6 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 5 Nov 2021 12:59:55 +0900 Subject: certs: check-in the default x509 config file When x509.genkey is created, it prints a log: Generating X.509 key generation config ..., which is not the ordinary Kbuild log style. Check-in the default config as certs/default_x509.genkey to make it readable, and copy it to certs/x509.genkey if it is not present. The log is shown in the Kbuild style. COPY certs/x509.genkey Signed-off-by: Masahiro Yamada --- certs/Makefile | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) (limited to 'certs/Makefile') diff --git a/certs/Makefile b/certs/Makefile index db1fd2f4b950..fc94a260e3f3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "### Key pair generated." @$(kecho) "###" +quiet_cmd_copy_x509_config = COPY $@ + cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ + +# You can provide your own config file. If not present, copy the default one. $(obj)/x509.genkey: - @$(kecho) Generating X.509 key generation config - @echo >$@ "[ req ]" - @echo >>$@ "default_bits = 4096" - @echo >>$@ "distinguished_name = req_distinguished_name" - @echo >>$@ "prompt = no" - @echo >>$@ "string_mask = utf8only" - @echo >>$@ "x509_extensions = myexts" - @echo >>$@ - @echo >>$@ "[ req_distinguished_name ]" - @echo >>$@ "#O = Unspecified company" - @echo >>$@ "CN = Build time autogenerated kernel key" - @echo >>$@ "#emailAddress = unspecified.user@unspecified.company" - @echo >>$@ - @echo >>$@ "[ myexts ]" - @echo >>$@ "basicConstraints=critical,CA:FALSE" - @echo >>$@ "keyUsage=digitalSignature" - @echo >>$@ "subjectKeyIdentifier=hash" - @echo >>$@ "authorityKeyIdentifier=keyid" + $(call cmd,copy_x509_config) + endif # CONFIG_MODULE_SIG_KEY $(eval $(call config_filename,MODULE_SIG_KEY)) -- cgit