diff options
-rw-r--r-- | certs/Makefile | 24 | ||||
-rw-r--r-- | certs/default_x509.genkey | 17 |
2 files changed, 23 insertions, 18 deletions
diff --git a/certs/Makefile b/certs/Makefile index db1fd2f4b950..fc94a260e3f3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "### Key pair generated." @$(kecho) "###" +quiet_cmd_copy_x509_config = COPY $@ + cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ + +# You can provide your own config file. If not present, copy the default one. $(obj)/x509.genkey: - @$(kecho) Generating X.509 key generation config - @echo >$@ "[ req ]" - @echo >>$@ "default_bits = 4096" - @echo >>$@ "distinguished_name = req_distinguished_name" - @echo >>$@ "prompt = no" - @echo >>$@ "string_mask = utf8only" - @echo >>$@ "x509_extensions = myexts" - @echo >>$@ - @echo >>$@ "[ req_distinguished_name ]" - @echo >>$@ "#O = Unspecified company" - @echo >>$@ "CN = Build time autogenerated kernel key" - @echo >>$@ "#emailAddress = unspecified.user@unspecified.company" - @echo >>$@ - @echo >>$@ "[ myexts ]" - @echo >>$@ "basicConstraints=critical,CA:FALSE" - @echo >>$@ "keyUsage=digitalSignature" - @echo >>$@ "subjectKeyIdentifier=hash" - @echo >>$@ "authorityKeyIdentifier=keyid" + $(call cmd,copy_x509_config) + endif # CONFIG_MODULE_SIG_KEY $(eval $(call config_filename,MODULE_SIG_KEY)) diff --git a/certs/default_x509.genkey b/certs/default_x509.genkey new file mode 100644 index 000000000000..d4c6628cb8e5 --- /dev/null +++ b/certs/default_x509.genkey @@ -0,0 +1,17 @@ +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = myexts + +[ req_distinguished_name ] +#O = Unspecified company +CN = Build time autogenerated kernel key +#emailAddress = unspecified.user@unspecified.company + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid |