[linux] 03/03: certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun Apr 3 13:58:21 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch benh/secure-boot
in repository linux.

commit 969431b9526542b07daee810fba22a158f6f56db
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Apr 3 04:56:29 2016 +0100

    certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial testing of signed modules
    
    Also set MODULE_SIG_KEY to empty string to avoid including a build-
    time generated key.
---
 debian/changelog                           | 2 ++
 debian/config/config                       | 7 +++++++
 debian/pubkeys/benh at debian.org.key.pub.pem | 9 +++++++++
 3 files changed, 18 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index a289718..64afc01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
   * modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
     as signatures will be packaged separately
     - debian/control: Add build-dependency on libssl-dev
+  * certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial
+    testing of signed modules
 
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 25 Mar 2016 13:43:57 +0000
 
diff --git a/debian/config/config b/debian/config/config
index 2b826b8..924625a 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -56,6 +56,13 @@ CONFIG_EFI_PARTITION=y
 # CONFIG_CMDLINE_PARTITION is not set
 
 ##
+## file: certs/Kconfig
+##
+#. Signatures are added in linux-signed
+CONFIG_MODULE_SIG_KEY=
+CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh at debian.org.key.pub.pem
+
+##
 ## file: crypto/Kconfig
 ##
 CONFIG_CRYPTO=y
diff --git a/debian/pubkeys/benh at debian.org.key.pub.pem b/debian/pubkeys/benh at debian.org.key.pub.pem
new file mode 100644
index 0000000..d5ba07d
--- /dev/null
+++ b/debian/pubkeys/benh at debian.org.key.pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL
+KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9
+jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl
+JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB
+8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk
+M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB
+AQIDAQAB
+-----END PUBLIC KEY-----

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list