]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eeb65f0) | patch
UBUNTU: SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage
authorMehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Thu, 10 Mar 2016 21:22:13 +0000 (16:22 -0500)
committerSeth Forshee <seth.forshee@canonical.com>
Tue, 5 Sep 2017 12:32:59 +0000 (07:32 -0500)
commit4a1c730244642eaa0808d20760530e4ae8830459
treef346207db499201c440bf19832b167e3e904b4d4tree
parenteeb65f031e42f6c4a9685ab6eeebf085def83524commit | diff
UBUNTU: SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage

BugLink: http://bugs.launchpad.net/bugs/1558553
The config option SYSTEM_EXTRA_CERTIFICATE reserves space in vmlinux file,
which is compressed to create the self-extracting bzImage. This patch adds the
capability of extracting the vmlinux, inserting the certificate, and
repackaging the result into a bzImage.

It only works if the resulting compressed vmlinux is smaller than the original.
Otherwise re-linking would be required. To make the reserved space allocate
actual space in bzImage, a null key is inserted into vmlinux before creating
the bzImage:

make vmlinux
scripts/insert-sys-cert -b vmlinux -c /dev/null
make bzImage

After null key insertion, the script populates the rest of the reserved space
with random bytes, which have poor compression. After receiving a bzImage that
is created this way, actual certificate can be inserted into the bzImage:

scripts/insert-sys-cert -s <System.map> -z <bzImage> -c <certfile>

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
scripts/insert-sys-cert.c diff | blob | blame | history
Ubuntu Artful kernel mirror