summaryrefslogtreecommitdiff
path: root/kernel/Makefile
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2015-07-20 21:16:29 +0100
committerDavid Howells <dhowells@redhat.com>2015-08-07 16:26:14 +0100
commit19e91b69d77bab16405cc284b451378e89a4110c (patch)
tree5f4d0904c0b1b98ef728bde634240ec4678fca22 /kernel/Makefile
parent6e3e281f39af78bd680b82d9762bf6c4f8f3f5f4 (diff)
downloadlinux-sh-19e91b69d77bab16405cc284b451378e89a4110c.tar.gz
modsign: Allow external signing key to be specified
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'kernel/Makefile')
-rw-r--r--kernel/Makefile5
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/Makefile b/kernel/Makefile
index 43c4c920f30a..2c937ace292e 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -170,6 +170,10 @@ ifndef CONFIG_MODULE_SIG_HASH
$(error Could not determine digest type to use from kernel config)
endif
+# We do it this way rather than having a boolean option for enabling an
+# external private key, because 'make randconfig' might enable such a
+# boolean option and we unfortunately can't make it depend on !RANDCONFIG.
+ifeq ($(CONFIG_MODULE_SIG_KEY),"signing_key.priv")
signing_key.priv signing_key.x509: x509.genkey
@echo "###"
@echo "### Now generating an X.509 key pair to be used for signing modules."
@@ -207,3 +211,4 @@ x509.genkey:
@echo >>x509.genkey "subjectKeyIdentifier=hash"
@echo >>x509.genkey "authorityKeyIdentifier=keyid"
endif
+endif