]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a0a5777) | patch
UBUNTU: SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage
authorMehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Thu, 10 Mar 2016 21:22:13 +0000 (16:22 -0500)
committerTim Gardner <tim.gardner@canonical.com>
Wed, 6 Apr 2016 09:27:34 +0000 (10:27 +0100)
commit5a08bbffb4ef26713f468ab04c40a65784ff6bce
treebc7aa64b5011a4f72b6404881a5d95cb979474e3tree
parenta0a577785bd39b405296ffa6a368a31277090ceecommit | diff
UBUNTU: SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage

BugLink: http://bugs.launchpad.net/bugs/1558553
The config option SYSTEM_EXTRA_CERTIFICATE reserves space in vmlinux file,
which is compressed to create the self-extracting bzImage. This patch adds the
capability of extracting the vmlinux, inserting the certificate, and
repackaging the result into a bzImage.

It only works if the resulting compressed vmlinux is smaller than the original.
Otherwise re-linking would be required. To make the reserved space allocate
actual space in bzImage, a null key is inserted into vmlinux before creating
the bzImage:

make vmlinux
scripts/insert-sys-cert -b vmlinux -c /dev/null
make bzImage

After null key insertion, the script populates the rest of the reserved space
with random bytes, which have poor compression. After receiving a bzImage that
is created this way, actual certificate can be inserted into the bzImage:

scripts/insert-sys-cert -s <System.map> -z <bzImage> -c <certfile>

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
scripts/insert-sys-cert.c diff | blob | blame | history
Ubuntu Artful kernel mirror