kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   678063aa1425c5fee2dc993e6cd635f549601f8b
  2.   patches.suse
  3.   0003-modsign-Add-codeSigning-EKU-when-generating-X.509-ke.patch
Blob Blame History Raw 
From eb9e8c803a87e3284b4974baf972bc8b75e040cb Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Wed, 25 Nov 2020 13:54:04 +0800
Subject: [PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key
 generation config
Patch-mainline: Not yet, sent as RFC on 2020-11-25
References: bsc#1177353, bsc#1179076

Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 certs/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/certs/Makefile b/certs/Makefile
index f4c25b67aad9..1ef4d6ca43b7 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -88,6 +88,7 @@ $(obj)/x509.genkey:
 	@echo >>$@ "keyUsage=digitalSignature"
 	@echo >>$@ "subjectKeyIdentifier=hash"
 	@echo >>$@ "authorityKeyIdentifier=keyid"
+	@echo >>$@ "extendedKeyUsage=codeSigning"
 endif # CONFIG_MODULE_SIG_KEY
 
 $(eval $(call config_filename,MODULE_SIG_KEY))
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.