]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | # |
2 | # Makefile for the linux kernel. | |
3 | # | |
4 | ||
b9ee979e | 5 | obj-y = fork.o exec_domain.o panic.o \ |
5cee9645 TG |
6 | cpu.o exit.o softirq.o resource.o \ |
7 | sysctl.o sysctl_binary.o capability.o ptrace.o user.o \ | |
e73f8959 | 8 | signal.o sys.o kmod.o workqueue.o pid.o task_work.o \ |
5cee9645 TG |
9 | extable.o params.o \ |
10 | kthread.o sys_ni.o nsproxy.o \ | |
15d94b82 | 11 | notifier.o ksysfs.o cred.o reboot.o \ |
2813893f IM |
12 | async.o range.o smpboot.o |
13 | ||
14 | obj-$(CONFIG_MULTIUSER) += groups.o | |
029632fb | 15 | |
606576ce | 16 | ifdef CONFIG_FUNCTION_TRACER |
6ec56232 | 17 | # Do not trace debug files and internal ftrace files |
c0a80c0c HC |
18 | CFLAGS_REMOVE_cgroup-debug.o = $(CC_FLAGS_FTRACE) |
19 | CFLAGS_REMOVE_irq_work.o = $(CC_FLAGS_FTRACE) | |
1d09daa5 SR |
20 | endif |
21 | ||
58edae3a AK |
22 | # cond_syscall is currently not LTO compatible |
23 | CFLAGS_sys_ni.o = $(DISABLE_LTO) | |
24 | ||
391e43da | 25 | obj-y += sched/ |
01768b42 | 26 | obj-y += locking/ |
dae5cbc2 | 27 | obj-y += power/ |
b9ee979e | 28 | obj-y += printk/ |
0244ad00 | 29 | obj-y += irq/ |
4102adab | 30 | obj-y += rcu/ |
b700e7f0 | 31 | obj-y += livepatch/ |
391e43da | 32 | |
1e142b29 | 33 | obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o |
8174f150 | 34 | obj-$(CONFIG_FREEZER) += freezer.o |
b03f6489 | 35 | obj-$(CONFIG_PROFILING) += profile.o |
8637c099 | 36 | obj-$(CONFIG_STACKTRACE) += stacktrace.o |
ad596171 | 37 | obj-y += time/ |
1da177e4 | 38 | obj-$(CONFIG_FUTEX) += futex.o |
34f192c6 IM |
39 | ifeq ($(CONFIG_COMPAT),y) |
40 | obj-$(CONFIG_FUTEX) += futex_compat.o | |
41 | endif | |
1da177e4 | 42 | obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o |
351f8f8e | 43 | obj-$(CONFIG_SMP) += smp.o |
9316fcac | 44 | ifneq ($(CONFIG_SMP),y) |
53ce3d95 AM |
45 | obj-y += up.o |
46 | endif | |
1da177e4 | 47 | obj-$(CONFIG_UID16) += uid16.o |
b56e5a17 | 48 | obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o |
1da177e4 | 49 | obj-$(CONFIG_MODULES) += module.o |
b56e5a17 | 50 | obj-$(CONFIG_MODULE_SIG) += module_signing.o |
1da177e4 | 51 | obj-$(CONFIG_KALLSYMS) += kallsyms.o |
1da177e4 | 52 | obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o |
dc009d92 | 53 | obj-$(CONFIG_KEXEC) += kexec.o |
6dab2778 | 54 | obj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o |
1da177e4 | 55 | obj-$(CONFIG_COMPAT) += compat.o |
ddbcc7e8 | 56 | obj-$(CONFIG_CGROUPS) += cgroup.o |
dc52ddc0 | 57 | obj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o |
1da177e4 | 58 | obj-$(CONFIG_CPUSETS) += cpuset.o |
aee16ce7 PE |
59 | obj-$(CONFIG_UTS_NS) += utsname.o |
60 | obj-$(CONFIG_USER_NS) += user_namespace.o | |
74bd59bb | 61 | obj-$(CONFIG_PID_NS) += pid_namespace.o |
1da177e4 | 62 | obj-$(CONFIG_IKCONFIG) += configs.o |
bbf1bb3e | 63 | obj-$(CONFIG_SMP) += stop_machine.o |
8c1c9356 | 64 | obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o |
939a67fc | 65 | obj-$(CONFIG_AUDIT) += audit.o auditfilter.o |
1da177e4 | 66 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o |
939a67fc | 67 | obj-$(CONFIG_AUDIT_WATCH) += audit_watch.o |
74c3cbe3 | 68 | obj-$(CONFIG_AUDIT_TREE) += audit_tree.o |
939a67fc | 69 | obj-$(CONFIG_GCOV_KERNEL) += gcov/ |
1da177e4 | 70 | obj-$(CONFIG_KPROBES) += kprobes.o |
c4338209 | 71 | obj-$(CONFIG_KGDB) += debug/ |
e162b39a | 72 | obj-$(CONFIG_DETECT_HUNG_TASK) += hung_task.o |
58687acb | 73 | obj-$(CONFIG_LOCKUP_DETECTOR) += watchdog.o |
1da177e4 | 74 | obj-$(CONFIG_SECCOMP) += seccomp.o |
b86ff981 | 75 | obj-$(CONFIG_RELAY) += relay.o |
39732acd | 76 | obj-$(CONFIG_SYSCTL) += utsname_sysctl.o |
ca74e92b | 77 | obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o |
f3cef7a9 | 78 | obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o |
97e1c18e | 79 | obj-$(CONFIG_TRACEPOINTS) += tracepoint.o |
9745512c | 80 | obj-$(CONFIG_LATENCYTOP) += latencytop.o |
1fcccbac DH |
81 | obj-$(CONFIG_BINFMT_ELF) += elfcore.o |
82 | obj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o | |
83 | obj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o | |
606576ce | 84 | obj-$(CONFIG_FUNCTION_TRACER) += trace/ |
bc0c38d1 | 85 | obj-$(CONFIG_TRACING) += trace/ |
ea632e9f | 86 | obj-$(CONFIG_TRACE_CLOCK) += trace/ |
1155de47 | 87 | obj-$(CONFIG_RING_BUFFER) += trace/ |
870915e0 | 88 | obj-$(CONFIG_TRACEPOINTS) += trace/ |
e360adbe | 89 | obj-$(CONFIG_IRQ_WORK) += irq_work.o |
ab10023e | 90 | obj-$(CONFIG_CPU_PM) += cpu_pm.o |
f89b7755 | 91 | obj-$(CONFIG_BPF) += bpf/ |
fae85b7c BP |
92 | |
93 | obj-$(CONFIG_PERF_EVENTS) += events/ | |
94 | ||
7a041097 | 95 | obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o |
16295bec | 96 | obj-$(CONFIG_PADATA) += padata.o |
93a72052 | 97 | obj-$(CONFIG_CRASH_DUMP) += crash_dump.o |
b77f0f3c | 98 | obj-$(CONFIG_JUMP_LABEL) += jump_label.o |
91d1aa43 | 99 | obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o |
51b1130e | 100 | obj-$(CONFIG_TORTURE_TEST) += torture.o |
1da177e4 | 101 | |
1da177e4 LT |
102 | $(obj)/configs.o: $(obj)/config_data.h |
103 | ||
104 | # config_data.h contains the same information as ikconfig.h but gzipped. | |
105 | # Info from config_data can be extracted from /proc/config* | |
106 | targets += config_data.gz | |
41263fc6 | 107 | $(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE |
1da177e4 LT |
108 | $(call if_changed,gzip) |
109 | ||
8370edea | 110 | filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/basic/bin2c; echo "MAGIC_END;") |
1da177e4 LT |
111 | targets += config_data.h |
112 | $(obj)/config_data.h: $(obj)/config_data.gz FORCE | |
e78e8f2d | 113 | $(call filechk,ikconfiggz) |
bdc80787 | 114 | |
f0e6d220 | 115 | ############################################################################### |
631cc66e | 116 | # |
0fbd39cf | 117 | # Roll all the X.509 certificates that we can find together and pull them into |
b56e5a17 DH |
118 | # the kernel so that they get loaded into the system trusted keyring during |
119 | # boot. | |
631cc66e | 120 | # |
0fbd39cf DH |
121 | # We look in the source root and the build root for all files whose name ends |
122 | # in ".x509". Unfortunately, this will generate duplicate filenames, so we | |
123 | # have make canonicalise the pathnames and then sort them to discard the | |
124 | # duplicates. | |
631cc66e | 125 | # |
f0e6d220 | 126 | ############################################################################### |
b56e5a17 | 127 | ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) |
f0e6d220 | 128 | X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) |
d7ec435f DH |
129 | X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 |
130 | X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ | |
0fbd39cf | 131 | $(or $(realpath $(CERT)),$(CERT)))) |
d7ec435f | 132 | X509_CERTIFICATES := $(subst $(realpath $(objtree))/,,$(X509_CERTIFICATES-raw)) |
f0e6d220 DH |
133 | |
134 | ifeq ($(X509_CERTIFICATES),) | |
135 | $(warning *** No X.509 certificates found ***) | |
136 | endif | |
137 | ||
138 | ifneq ($(wildcard $(obj)/.x509.list),) | |
139 | ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES)) | |
7df9ab84 | 140 | $(warning X.509 certificate list changed to "$(X509_CERTIFICATES)" from "$(shell cat $(obj)/.x509.list)") |
f0e6d220 DH |
141 | $(shell rm $(obj)/.x509.list) |
142 | endif | |
143 | endif | |
144 | ||
b56e5a17 | 145 | kernel/system_certificates.o: $(obj)/x509_certificate_list |
e10e1774 | 146 | |
f0e6d220 | 147 | quiet_cmd_x509certs = CERTS $@ |
89f703f0 | 148 | cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)") |
e10e1774 | 149 | |
f0e6d220 DH |
150 | targets += $(obj)/x509_certificate_list |
151 | $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list | |
152 | $(call if_changed,x509certs) | |
631cc66e | 153 | |
f0e6d220 DH |
154 | targets += $(obj)/.x509.list |
155 | $(obj)/.x509.list: | |
156 | @echo $(X509_CERTIFICATES) >$@ | |
f46a3cbb | 157 | endif |
d441108c | 158 | |
f0e6d220 | 159 | clean-files := x509_certificate_list .x509.list |
d441108c | 160 | |
b56e5a17 | 161 | ifeq ($(CONFIG_MODULE_SIG),y) |
d441108c DH |
162 | ############################################################################### |
163 | # | |
164 | # If module signing is requested, say by allyesconfig, but a key has not been | |
165 | # supplied, then one will need to be generated to make sure the build does not | |
166 | # fail and that the kernel may be used afterwards. | |
167 | # | |
168 | ############################################################################### | |
22753674 | 169 | ifndef CONFIG_MODULE_SIG_HASH |
5e8cb1e4 DH |
170 | $(error Could not determine digest type to use from kernel config) |
171 | endif | |
172 | ||
19e91b69 DW |
173 | # We do it this way rather than having a boolean option for enabling an |
174 | # external private key, because 'make randconfig' might enable such a | |
175 | # boolean option and we unfortunately can't make it depend on !RANDCONFIG. | |
fb117949 DW |
176 | ifeq ($(CONFIG_MODULE_SIG_KEY),"signing_key.pem") |
177 | signing_key.pem: x509.genkey | |
d441108c DH |
178 | @echo "###" |
179 | @echo "### Now generating an X.509 key pair to be used for signing modules." | |
180 | @echo "###" | |
181 | @echo "### If this takes a long time, you might wish to run rngd in the" | |
182 | @echo "### background to keep the supply of entropy topped up. It" | |
2008713c PA |
183 | @echo "### needs to be run as root, and uses a hardware random" |
184 | @echo "### number generator if one is available." | |
d441108c | 185 | @echo "###" |
22753674 MM |
186 | openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ |
187 | -batch -x509 -config x509.genkey \ | |
fb117949 DW |
188 | -outform PEM -out signing_key.pem \ |
189 | -keyout signing_key.pem 2>&1 | |
d441108c DH |
190 | @echo "###" |
191 | @echo "### Key pair generated." | |
192 | @echo "###" | |
193 | ||
194 | x509.genkey: | |
195 | @echo Generating X.509 key generation config | |
196 | @echo >x509.genkey "[ req ]" | |
197 | @echo >>x509.genkey "default_bits = 4096" | |
198 | @echo >>x509.genkey "distinguished_name = req_distinguished_name" | |
199 | @echo >>x509.genkey "prompt = no" | |
e7d113bc | 200 | @echo >>x509.genkey "string_mask = utf8only" |
d441108c DH |
201 | @echo >>x509.genkey "x509_extensions = myexts" |
202 | @echo >>x509.genkey | |
203 | @echo >>x509.genkey "[ req_distinguished_name ]" | |
9c4249c8 DH |
204 | @echo >>x509.genkey "#O = Unspecified company" |
205 | @echo >>x509.genkey "CN = Build time autogenerated kernel key" | |
206 | @echo >>x509.genkey "#emailAddress = unspecified.user@unspecified.company" | |
d441108c DH |
207 | @echo >>x509.genkey |
208 | @echo >>x509.genkey "[ myexts ]" | |
209 | @echo >>x509.genkey "basicConstraints=critical,CA:FALSE" | |
210 | @echo >>x509.genkey "keyUsage=digitalSignature" | |
211 | @echo >>x509.genkey "subjectKeyIdentifier=hash" | |
212 | @echo >>x509.genkey "authorityKeyIdentifier=keyid" | |
fb117949 DW |
213 | endif |
214 | ||
215 | # We need to obtain the certificate from CONFIG_MODULE_SIG_KEY. | |
1329e8cc DW |
216 | quiet_cmd_extract_der = CERT_DER $(2) |
217 | cmd_extract_der = scripts/extract-cert "$(2)" signing_key.x509 | |
218 | ||
219 | # CONFIG_MODULE_SIG_KEY is either a PKCS#11 URI or a filename. It is | |
220 | # surrounded by quotes, and may contain spaces. To strip the quotes | |
221 | # with $(patsubst) we need to turn the spaces into something else. | |
222 | # And if it's a filename, those spaces need to be escaped as '\ ' in | |
223 | # order to use it in dependencies or $(wildcard). | |
224 | space := | |
225 | space += | |
226 | space_escape := %%%SPACE%%% | |
227 | X509_SOURCE_temp := $(subst $(space),$(space_escape),$(CONFIG_MODULE_SIG_KEY)) | |
228 | # We need this to check for absolute paths or PKCS#11 URIs. | |
229 | X509_SOURCE_ONEWORD := $(patsubst "%",%,$(X509_SOURCE_temp)) | |
230 | # This is the actual source filename/URI without the quotes | |
231 | X509_SOURCE := $(subst $(space_escape),$(space),$(X509_SOURCE_ONEWORD)) | |
232 | # This\ version\ with\ spaces\ escaped\ for\ $(wildcard)\ and\ dependencies | |
233 | X509_SOURCE_ESCAPED := $(subst $(space_escape),\$(space),$(X509_SOURCE_ONEWORD)) | |
234 | ||
235 | ifeq ($(patsubst pkcs11:%,%,$(X509_SOURCE_ONEWORD)),$(X509_SOURCE_ONEWORD)) | |
236 | # If it's a filename, depend on it. | |
237 | X509_DEP := $(X509_SOURCE_ESCAPED) | |
238 | ifeq ($(patsubst /%,%,$(X509_SOURCE_ONEWORD)),$(X509_SOURCE_ONEWORD)) | |
239 | ifeq ($(wildcard $(X509_SOURCE_ESCAPED)),) | |
240 | ifneq ($(wildcard $(srctree)/$(X509_SOURCE_ESCAPED)),) | |
241 | # Non-absolute filename, found in source tree and not build tree | |
242 | X509_SOURCE := $(srctree)/$(X509_SOURCE) | |
243 | X509_DEP := $(srctree)/$(X509_SOURCE_ESCAPED) | |
244 | endif | |
245 | endif | |
246 | endif | |
247 | endif | |
248 | ||
249 | signing_key.x509: scripts/extract-cert include/config/module/sig/key.h $(X509_DEP) | |
250 | $(call cmd,extract_der,$(X509_SOURCE)) | |
d441108c | 251 | endif |