[linux] 03/03: certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Apr 3 13:58:21 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch benh/secure-boot
in repository linux.
commit 969431b9526542b07daee810fba22a158f6f56db
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Apr 3 04:56:29 2016 +0100
certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
Also set MODULE_SIG_KEY to empty string to avoid including a build-
time generated key.
---
debian/changelog | 2 ++
debian/config/config | 7 +++++++
debian/pubkeys/benh at debian.org.key.pub.pem | 9 +++++++++
3 files changed, 18 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index a289718..64afc01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
* modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
as signatures will be packaged separately
- debian/control: Add build-dependency on libssl-dev
+ * certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial
+ testing of signed modules
-- Ben Hutchings <ben at decadent.org.uk> Fri, 25 Mar 2016 13:43:57 +0000
diff --git a/debian/config/config b/debian/config/config
index 2b826b8..924625a 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -56,6 +56,13 @@ CONFIG_EFI_PARTITION=y
# CONFIG_CMDLINE_PARTITION is not set
##
+## file: certs/Kconfig
+##
+#. Signatures are added in linux-signed
+CONFIG_MODULE_SIG_KEY=
+CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh at debian.org.key.pub.pem
+
+##
## file: crypto/Kconfig
##
CONFIG_CRYPTO=y
diff --git a/debian/pubkeys/benh at debian.org.key.pub.pem b/debian/pubkeys/benh at debian.org.key.pub.pem
new file mode 100644
index 0000000..d5ba07d
--- /dev/null
+++ b/debian/pubkeys/benh at debian.org.key.pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL
+KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9
+jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl
+JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB
+8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk
+M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB
+AQIDAQAB
+-----END PUBLIC KEY-----
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list