lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZOy0mMfTP1N3MRka@bergen.fjasle.eu>
Date:   Mon, 28 Aug 2023 16:52:08 +0200
From:   Nicolas Schier <nicolas@...sle.eu>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>
Subject: Re: [PATCH 8/8] kbuild: support modules_sign for external modules as
 well

On Wed 23 Aug 2023 20:50:48 GMT, Masahiro Yamada wrote:
> The modules_sign target is currently only available for in-tree modules,
> but it actually works for external modules as well.
> 
> Move the modules_sign rule to the common part.
> 
> Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> ---

Reviewed-by: Nicolas Schier <nicolas@...sle.eu>


> 
>  Makefile                 | 32 ++++++++++++++++----------------
>  scripts/Makefile.modinst |  4 ++--
>  2 files changed, 18 insertions(+), 18 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 82d22debf6c9..87a9eef3fb4b 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1461,20 +1461,6 @@ modules: modules_prepare
>  modules_prepare: prepare
>  	$(Q)$(MAKE) $(build)=scripts scripts/module.lds
>  
> -export modules_sign_only :=
> -
> -ifeq ($(CONFIG_MODULE_SIG),y)
> -PHONY += modules_sign
> -modules_sign: modules_install
> -	@:
> -
> -# modules_sign is a subset of modules_install.
> -# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
> -ifeq ($(filter modules_install,$(MAKECMDGOALS)),)
> -modules_sign_only := y
> -endif
> -endif
> -
>  endif # CONFIG_MODULES
>  
>  ###
> @@ -1833,10 +1819,24 @@ endif # KBUILD_EXTMOD
>  # ---------------------------------------------------------------------------
>  # Modules
>  
> -PHONY += modules modules_install modules_prepare
> +PHONY += modules modules_install modules_sign modules_prepare
>  
>  modules_install:
> -	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst
> +	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst \
> +	sign-only=$(if $(filter modules_install,$(MAKECMDGOALS)),,y)
> +
> +ifeq ($(CONFIG_MODULE_SIG),y)
> +# modules_sign is a subset of modules_install.
> +# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
> +modules_sign: modules_install
> +	@:
> +else
> +modules_sign:
> +	@echo >&2 '***'
> +	@echo >&2 '*** CONFIG_MODULE_SIG is disabled. You cannot sign modules.'
> +	@echo >&2 '***'
> +	@false
> +endif
>  
>  ifdef CONFIG_MODULES
>  
> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
> index 33d424a3f265..459cb1fed223 100644
> --- a/scripts/Makefile.modinst
> +++ b/scripts/Makefile.modinst
> @@ -13,7 +13,7 @@ install-y :=
>  
>  PHONY += prepare
>  
> -ifeq ($(KBUILD_EXTMOD)$(modules_sign_only),)
> +ifeq ($(KBUILD_EXTMOD)$(sign-only),)
>  
>  # Install more files for in-tree modules_install
>  
> @@ -115,7 +115,7 @@ quiet_cmd_sign = SIGN    $@
>        cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \
>                   $(if $(KBUILD_EXTMOD),|| true)
>  
> -ifeq ($(modules_sign_only),)
> +ifeq ($(sign-only),)
>  
>  # During modules_install, modules are signed only when CONFIG_MODULE_SIG_ALL=y.
>  ifndef CONFIG_MODULE_SIG_ALL
> -- 
> 2.39.2

-- 
Nicolas Schier
 
epost|xmpp: nicolas@...sle.eu          irc://oftc.net/nsc
↳ gpg: 18ed 52db e34f 860e e9fb  c82b 7d97 0932 55a0 ce7f
     -- frykten for herren er opphav til kunnskap --

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ