forked from mirrors/linux
781a573948
IMA_APPRAISE_MODSIG is used for verifying the integrity of both kernel
and modules. Enabling IMA_APPRAISE_MODSIG without MODULES causes a build
break.
Ensure the build time kernel signing key is only generated if both
IMA_APPRAISE_MODSIG and MODULES are enabled.
Fixes: 0165f4ca22 ("ima: enable signing of modules with build time generated key")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
49 lines
1.1 KiB
ArmAsm
49 lines
1.1 KiB
ArmAsm
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#include <linux/export.h>
|
|
#include <linux/init.h>
|
|
|
|
__INITRODATA
|
|
|
|
.align 8
|
|
.globl system_certificate_list
|
|
system_certificate_list:
|
|
__cert_list_start:
|
|
__module_cert_start:
|
|
#if defined(CONFIG_MODULE_SIG) || (defined(CONFIG_IMA_APPRAISE_MODSIG) \
|
|
&& defined(CONFIG_MODULES))
|
|
.incbin "certs/signing_key.x509"
|
|
#endif
|
|
__module_cert_end:
|
|
.incbin "certs/x509_certificate_list"
|
|
__cert_list_end:
|
|
|
|
#ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE
|
|
.globl system_extra_cert
|
|
.size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
|
|
system_extra_cert:
|
|
.fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0
|
|
|
|
.align 4
|
|
.globl system_extra_cert_used
|
|
system_extra_cert_used:
|
|
.int 0
|
|
|
|
#endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */
|
|
|
|
.align 8
|
|
.globl system_certificate_list_size
|
|
system_certificate_list_size:
|
|
#ifdef CONFIG_64BIT
|
|
.quad __cert_list_end - __cert_list_start
|
|
#else
|
|
.long __cert_list_end - __cert_list_start
|
|
#endif
|
|
|
|
.align 8
|
|
.globl module_cert_size
|
|
module_cert_size:
|
|
#ifdef CONFIG_64BIT
|
|
.quad __module_cert_end - __module_cert_start
|
|
#else
|
|
.long __module_cert_end - __module_cert_start
|
|
#endif
|