Fix config for module signing
Replace my pubkey with an X.509 (PEM encoded) certificate as actually required. Add quotes around the filenames in kconfig.
This commit is contained in:
parent
a6aaaeb263
commit
f880a7ff25
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDYDCCAkgCCQCKAY3KgJMmMDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJH
|
||||
QjESMBAGA1UEBwwJQ2FtYnJpZGdlMRcwFQYDVQQKDA5EZWJpYW4gUHJvamVjdDEW
|
||||
MBQGA1UEAwwNQmVuIEh1dGNoaW5nczEeMBwGCSqGSIb3DQEJARYPYmVuaEBkZWJp
|
||||
YW4ub3JnMB4XDTE2MDQwMzIyNTg1NVoXDTE2MDUwMzIyNTg1NVowcjELMAkGA1UE
|
||||
BhMCR0IxEjAQBgNVBAcMCUNhbWJyaWRnZTEXMBUGA1UECgwORGViaWFuIFByb2pl
|
||||
Y3QxFjAUBgNVBAMMDUJlbiBIdXRjaGluZ3MxHjAcBgkqhkiG9w0BCQEWD2JlbmhA
|
||||
ZGViaWFuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPYUchZ
|
||||
x/VmCn4klnuqyym6gehD/sUnjqAbDdVtAVMYBHTxxpujW2GDtCsyiqyeDlSlbd6X
|
||||
piXAko7u2UaBfY5SpKcw1KDDrCgzQ3y9O0QCe0DzI/7YKvE3A7FPluJ1ZhIhHIIZ
|
||||
ce6oln0WfW/H5SY6BQWE3kzxXFUXXFPvTdLQtjOBxVWeOeMTZ5CAJqG/6uHIlJms
|
||||
RTJiiiHjrI3yAfLS1wcGutmu9q9YQF1ND+lbdIT4OeyIMVGe03dVrDxWjNUL+G5h
|
||||
nBRwFAwkb5qxpDNayvA8eIlNwWJE/uu+4crlL+PdM9i2TduoG5gRE39KPTrxrUyN
|
||||
QiDe+09lJF12wQECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAieMLuk4Ky2FmMnzF
|
||||
ryaJbbRXN163bXHPrDFd0NkvWQFa+3253QXxlLwEoS4v4OFbYb0tDxcn8qkpNLCb
|
||||
DLtNUcl99slPbmBUi/RFTy/aAWc6LB4XxjbFcIlY27/c/W5bbr6/XmlVtElRW3gZ
|
||||
y3JWFjgym+6lXywbr6RVKYioM3N+LlGf794Kf/pY9y7i8PqDM8WbhurGXwoaPxjv
|
||||
/XsVTpuMCkorUya2n7Ap9Hatlref/IccdxnIOxItH3Jvze0vfygL82Mee77KN5U/
|
||||
jsvtswp6P3K08sLjtFGiAhkjim67H+nJrrhhczXjtUnLZUQuHpkzOghyKFDMpn3R
|
||||
8lchpg==
|
||||
-----END CERTIFICATE-----
|
|
@ -13,8 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
|
|||
* modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
|
||||
as signatures will be packaged separately
|
||||
- debian/control: Add build-dependencies on libssl-dev, openssl
|
||||
* certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial
|
||||
testing of signed modules
|
||||
* certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support
|
||||
initial testing of signed modules
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 25 Mar 2016 13:43:57 +0000
|
||||
|
||||
|
|
|
@ -59,8 +59,9 @@ CONFIG_EFI_PARTITION=y
|
|||
## file: certs/Kconfig
|
||||
##
|
||||
#. Signatures are added in linux-signed
|
||||
CONFIG_MODULE_SIG_KEY=
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh@debian.org.key.pub.pem
|
||||
CONFIG_MODULE_SIG_KEY=""
|
||||
#. Actually a list of X.509 certificates, not keys
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/benh@debian.org.cert.pem"
|
||||
|
||||
##
|
||||
## file: crypto/Kconfig
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL
|
||||
KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9
|
||||
jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl
|
||||
JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB
|
||||
8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk
|
||||
M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB
|
||||
AQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
Loading…
Reference in New Issue