aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/system_certificates.S
Commit message (Collapse)AuthorAge
* KEYS: correct alignment of system_certificate_list content in assembly fileHendrik Brueckner2013-12-10
| | | | | | | | | | | | | | | | | | | Apart from data-type specific alignment constraints, there are also architecture-specific alignment requirements. For example, on s390 symbols must be on even addresses implying a 2-byte alignment. If the system_certificate_list_end symbol is on an odd address and if this address is loaded, the least-significant bit is ignored. As a result, the load_system_certificate_list() fails to load the certificates because of a wrong certificate length calculation. To be safe, align system_certificate_list on an 8-byte boundary. Also improve the length calculation of the system_certificate_list content. Introduce a system_certificate_list_size (8-byte aligned because of unsigned long) variable that stores the length. Let the linker calculate this size by introducing a start and end label for the certificate content. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
* kernel/system_certificate.S: use real contents instead of macro GLOBAL()Chen Gang2013-10-30
| | | | | | | | | | | | | | | | | If a macro is only used within 2 times, and also its contents are within 2 lines, recommend to expand it to shrink code line. For our case, the macro is not portable either: some architectures' assembler may use another character to mark newline in a macro (e.g. '`' for arc), which will cause issue. If still want to use macro and let it portable enough, it will also need include additional header file (e.g "#include <linux/linkage.h>", although it also need be fixed). Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Separate the kernel signature checking keyring from module signingDavid Howells2013-09-25
Separate the kernel signature checking keyring from module signing so that it can be used by code other than the module-signing code. Signed-off-by: David Howells <dhowells@redhat.com>