1 files changed, 21 insertions, 1 deletions
diff --git a/kernel/Makefile b/kernel/Makefile
index 111a845460c9..a799029320d1 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -149,6 +149,26 @@ kernel/modsign_pubkey.o: signing_key.x509 extra_certificates
 # fail and that the kernel may be used afterwards.
 #
 ###############################################################################
+sign_key_with_hash :=
+ifeq ($(CONFIG_MODULE_SIG_SHA1),y)
+sign_key_with_hash := -sha1
+endif
+ifeq ($(CONFIG_MODULE_SIG_SHA224),y)
+sign_key_with_hash := -sha224
+endif
+ifeq ($(CONFIG_MODULE_SIG_SHA256),y)
+sign_key_with_hash := -sha256
+endif
+ifeq ($(CONFIG_MODULE_SIG_SHA384),y)
+sign_key_with_hash := -sha384
+endif
+ifeq ($(CONFIG_MODULE_SIG_SHA512),y)
+sign_key_with_hash := -sha512
+endif
+ifeq ($(sign_key_with_hash),)
+$(error Could not determine digest type to use from kernel config)
+endif
 signing_key.priv signing_key.x509: x509.genkey
        @echo "###"
        @echo "### Now generating an X.509 key pair to be used for signing modules."
@@ -160,7 +180,7 @@ signing_key.priv signing_key.x509: x509.genkey
        @echo "###"
        @echo "###     rngd -r /dev/hwrandom"
        @echo "###"
-        openssl req -new -nodes -utf8 -sha1 -days 36500 -batch \
+        openssl req -new -nodes -utf8 $(sign_key_with_hash) -days 36500 -batch \
                -x509 -config x509.genkey \
                -outform DER -out signing_key.x509 \
                -keyout signing_key.priv

diff --git a/kernel/Makefile b/kernel/Makefile index 111a845460c9..a799029320d1 100644 --- a/kernel/Makefile +++ b/kernel/Makefile
@@ -149,6 +149,26 @@ kernel/modsign_pubkey.o: signing_key.x509 extra_certificates
149	# fail and that the kernel may be used afterwards.	149	# fail and that the kernel may be used afterwards.
150	#	150	#
151	###############################################################################	151	###############################################################################
		152	sign_key_with_hash :=
		153	ifeq ($(CONFIG_MODULE_SIG_SHA1),y)
		154	sign_key_with_hash := -sha1
		155	endif
		156	ifeq ($(CONFIG_MODULE_SIG_SHA224),y)
		157	sign_key_with_hash := -sha224
		158	endif
		159	ifeq ($(CONFIG_MODULE_SIG_SHA256),y)
		160	sign_key_with_hash := -sha256
		161	endif
		162	ifeq ($(CONFIG_MODULE_SIG_SHA384),y)
		163	sign_key_with_hash := -sha384
		164	endif
		165	ifeq ($(CONFIG_MODULE_SIG_SHA512),y)
		166	sign_key_with_hash := -sha512
		167	endif
		168	ifeq ($(sign_key_with_hash),)
		169	$(error Could not determine digest type to use from kernel config)
		170	endif
		171
152	signing_key.priv signing_key.x509: x509.genkey	172	signing_key.priv signing_key.x509: x509.genkey
153	@echo "###"	173	@echo "###"
154	@echo "### Now generating an X.509 key pair to be used for signing modules."	174	@echo "### Now generating an X.509 key pair to be used for signing modules."
@@ -160,7 +180,7 @@ signing_key.priv signing_key.x509: x509.genkey
160	@echo "###"	180	@echo "###"
161	@echo "### rngd -r /dev/hwrandom"	181	@echo "### rngd -r /dev/hwrandom"
162	@echo "###"	182	@echo "###"
163	openssl req -new -nodes -utf8 -sha1 -days 36500 -batch \	183	openssl req -new -nodes -utf8 $(sign_key_with_hash) -days 36500 -batch \
164	-x509 -config x509.genkey \	184	-x509 -config x509.genkey \
165	-outform DER -out signing_key.x509 \	185	-outform DER -out signing_key.x509 \
166	-keyout signing_key.priv	186	-keyout signing_key.priv