Received: by 2002:a05:6a10:6d25:0:0:0:0 with SMTP id gq37csp1884640pxb; Mon, 13 Sep 2021 07:31:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz0/HuTuEhXMUY+4HRCx169lz/0Cc4B38rvWz1DjX2qNNgIKCRfFF2x2QCcQyfB5jnVYAbx X-Received: by 2002:a92:190b:: with SMTP id 11mr8743730ilz.303.1631543466854; Mon, 13 Sep 2021 07:31:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631543466; cv=none; d=google.com; s=arc-20160816; b=TGA65gFlH8nRVXbj4x3phxR8/FDial358W1QxYsFrqi39p8w8pD4j5Zs3Fhy1EKmVD ATxoD0O5aO0BQJ9giSGnZL2BvDtLg/jcxg1PpHTRyrPzh1qDrx0MchmT8H6VZsBTJ5iC pYmBZtKyAcEa5+3ImP/gvuNTLZ6IUD2LXjvjZFbrpZfnTo3925Ok9TPNbtePQGPYbWIz yW3+WUPL0GXTObU1+Q8Eft+7rHBdugrD8zB9pHnX6Ipr7ey1TvjcssgE/gO6T3yvK6nc zdWfvbhchK8GoyreUbpgZ+0j9cChzIDcP0xwI8bZP8UBm1CE1CzmjxqiJtL049UIC5ew Fbtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=r279uve9GVcVy5wfDU/uwHjdHg5igh7kAgkZwn25+WE=; b=H8BsNuvIMXTbGhjbLuA8VTLC2o1ZPHvS6ZoM2o3OcO8NMiBTa1KXQl0tze/fnKV+qo KpiyGJ3T+h5dujcMQe+cKGN+kSCBApwq5ti8f1g6UYt+iVdYb2x+r6m3EkXC0iyy8k5d vVF9gm7Pqb95bxJhh/i/uNjD3zatEViTEQPC+H/1GzFxPSjVQduJ5D0Y/l1OT0btTpUK iYdkzaBMAbmzzfm7bpo46FL/GMM08/vbHuu/yauKu4RZE71qgzfLGrMW3VnkMuvc7pt7 MKjeVffGfPHo06Zj5yaWtUSqcwh/pVJeceitP+SSfhT4WHX9LhLgUgFW/Zj3BhYCl/ki QrHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=SEYGVo3y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d9si272110ilv.97.2021.09.13.07.30.52; Mon, 13 Sep 2021 07:31:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=SEYGVo3y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346058AbhIMO2O (ORCPT + 99 others); Mon, 13 Sep 2021 10:28:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:42230 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344695AbhIMOXW (ORCPT ); Mon, 13 Sep 2021 10:23:22 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2DFBE61B41; Mon, 13 Sep 2021 13:47:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631540877; bh=uPKHFJqu3rTSPQzxnPEi0qkx4KPNse7MlsqU42wUxWk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SEYGVo3yBj7/BpQP6m5VLXhJZA2OoLOUmoAMKKDK9vBz6E0pt27HYL3DH7QKCGpA7 r9KYwZubDNOYfZ1MzII/MPUzwYau3akNdE/6gF58QFKLy4mS3YcTDAR6ViZ94Pd2sG 7VJgv1mY25i1ZJAHyN1xC1Qc9fV/ak9oe2TL/yKs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , David Woodhouse , Stefan Berger , Jarkko Sakkinen , Sasha Levin Subject: [PATCH 5.14 072/334] certs: Trigger creation of RSA module signing key if its not an RSA key Date: Mon, 13 Sep 2021 15:12:06 +0200 Message-Id: <20210913131115.835591507@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210913131113.390368911@linuxfoundation.org> References: <20210913131113.390368911@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stefan Berger [ Upstream commit ea35e0d5df6c92fa2e124bb1b91d09b2240715ba ] Address a kbuild issue where a developer created an ECDSA key for signing kernel modules and then builds an older version of the kernel, when bi- secting the kernel for example, that does not support ECDSA keys. If openssl is installed, trigger the creation of an RSA module signing key if it is not an RSA key. Fixes: cfc411e7fff3 ("Move certificate handling to its own directory") Cc: David Howells Cc: David Woodhouse Signed-off-by: Stefan Berger Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Sasha Levin --- certs/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/Makefile b/certs/Makefile index 359239a0ee9e..f9344e52ecda 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -57,11 +57,19 @@ endif redirect_openssl = 2>&1 quiet_redirect_openssl = 2>&1 silent_redirect_openssl = 2>/dev/null +openssl_available = $(shell openssl help 2>/dev/null && echo yes) # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") + +ifeq ($(openssl_available),yes) +X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) + +$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) +endif + $(obj)/signing_key.pem: $(obj)/x509.genkey @$(kecho) "###" @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." -- 2.30.2