summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2015-07-20 21:16:30 +0100
committerDavid Howells <dhowells@redhat.com>2015-08-07 16:26:14 +0100
commit1329e8cc69b93a0b1bc6d197b30dcff628c18dbf (patch)
treec468b5fe99777d0e5072b1bc41f43ef47253cf8e /init
parent19e91b69d77bab16405cc284b451378e89a4110c (diff)
modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed
Where an external PEM file or PKCS#11 URI is given, we can get the cert from it for ourselves instead of making the user drop signing_key.x509 in place for us. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig8
1 files changed, 4 insertions, 4 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 1b1148e9181b..e2e0a1d27886 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1953,10 +1953,10 @@ config MODULE_SIG_KEY
default "signing_key.priv"
depends on MODULE_SIG
help
- Provide the file name of a private key in PKCS#8 PEM format, or
- a PKCS#11 URI according to RFC7512. The corresponding X.509
- certificate in DER form should be present in signing_key.x509
- in the top-level build directory.
+ Provide the file name of a private key/certificate in PEM format,
+ or a PKCS#11 URI according to RFC7512. The file should contain, or
+ the URI should identify, both the certificate and its corresponding
+ private key.
If this option is unchanged from its default "signing_key.priv",
then the kernel will automatically generate the private key and