git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit

author	Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
	Thu, 10 Mar 2016 21:22:13 +0000 (16:22 -0500)
committer	Andrea Righi <andrea.righi@canonical.com>
	Mon, 25 Nov 2019 13:56:24 +0000 (14:56 +0100)
commit	258c6fafff8d923a408b9c890021287ac7e0fc9b
tree	7390b28b9425caba168182d337e00e417f8fc6cf	tree
parent	5b9fd1f40c82749cca6c76afac0c6b5842914cf2	commit \| diff

UBUNTU: SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage

BugLink: http://bugs.launchpad.net/bugs/1558553
The config option SYSTEM_EXTRA_CERTIFICATE reserves space in vmlinux file,
which is compressed to create the self-extracting bzImage. This patch adds the
capability of extracting the vmlinux, inserting the certificate, and
repackaging the result into a bzImage.

It only works if the resulting compressed vmlinux is smaller than the original.
Otherwise re-linking would be required. To make the reserved space allocate
actual space in bzImage, a null key is inserted into vmlinux before creating
the bzImage:

make vmlinux
scripts/insert-sys-cert -b vmlinux -c /dev/null
make bzImage

After null key insertion, the script populates the rest of the reserved space
with random bytes, which have poor compression. After receiving a bzImage that
is created this way, actual certificate can be inserted into the bzImage:

scripts/insert-sys-cert -s <System.map> -z <bzImage> -c <certfile>

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>