linux/certs/system_certificates.S
Nayna Jain 781a573948 ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies
IMA_APPRAISE_MODSIG is used for verifying the integrity of both kernel
and modules. Enabling IMA_APPRAISE_MODSIG without MODULES causes a build
break.

Ensure the build time kernel signing key is only generated if both
IMA_APPRAISE_MODSIG and MODULES are enabled.

Fixes: 0165f4ca22 ("ima: enable signing of modules with build time generated key")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-04-26 21:54:23 -04:00

50 lines
1.1 KiB
ArmAsm

/* SPDX-License-Identifier: GPL-2.0 */
#include <linux/export.h>
#include <linux/init.h>
__INITRODATA
.align 8
.globl system_certificate_list
system_certificate_list:
__cert_list_start:
__module_cert_start:
#if defined(CONFIG_MODULE_SIG) || (defined(CONFIG_IMA_APPRAISE_MODSIG) \
&& defined(CONFIG_MODULES))
.incbin "certs/signing_key.x509"
#endif
__module_cert_end:
.incbin "certs/x509_certificate_list"
__cert_list_end:
#ifdef CONFIG_SYSTEM_EXTRA_CERTIFICATE
.globl system_extra_cert
.size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
system_extra_cert:
.fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0
.align 4
.globl system_extra_cert_used
system_extra_cert_used:
.int 0
#endif /* CONFIG_SYSTEM_EXTRA_CERTIFICATE */
.align 8
.globl system_certificate_list_size
system_certificate_list_size:
#ifdef CONFIG_64BIT
.quad __cert_list_end - __cert_list_start
#else
.long __cert_list_end - __cert_list_start
#endif
.align 8
.globl module_cert_size
module_cert_size:
#ifdef CONFIG_64BIT
.quad __module_cert_end - __module_cert_start
#else
.long __module_cert_end - __module_cert_start
#endif