All of lore.kernel.org
 help / color / mirror / Atom feed
From: Randy Dunlap <rdunlap@infradead.org>
To: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
	David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S . Miller" <davem@davemloft.net>,
	Ben Boeckel <me@benboeckel.net>, Malte Gell <malte.gell@gmx.de>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, "Lee, Chun-Yi" <jlee@suse.com>
Subject: Re: [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU
Date: Mon, 22 Feb 2021 08:48:42 -0800	[thread overview]
Message-ID: <a6eb68cc-7815-daf7-8cc5-0757be502fee@infradead.org> (raw)
In-Reply-To: <20210222064251.13374-5-jlee@suse.com>

Hi,

On 2/21/21 10:42 PM, Lee, Chun-Yi wrote:
> Add an openssl command option example for generating CodeSign extended
> key usage in X.509 when CONFIG_CHECK_CODESIGN_EKU is enabled.
> 
> Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
> ---
>  Documentation/admin-guide/module-signing.rst | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
> index 7d7c7c8a545c..b57b30c7125f 100644
> --- a/Documentation/admin-guide/module-signing.rst
> +++ b/Documentation/admin-guide/module-signing.rst
> @@ -170,6 +170,12 @@ generate the public/private key files::
>  	   -config x509.genkey -outform PEM -out kernel_key.pem \
>  	   -keyout kernel_key.pem
>  
> +When ``CONFIG_CHECK_CODESIGN_EKU`` option be enabled, the following openssl

                                             is enabled,

> +command option should be added for generating CodeSign extended key usage in

              should be added <where>?

> +X.509::
> +
> +        -addext "extendedKeyUsage=codeSigning"
> +
>  The full pathname for the resulting kernel_key.pem file can then be specified
>  in the ``CONFIG_MODULE_SIG_KEY`` option, and the certificate and key therein will
>  be used instead of an autogenerated keypair.
> 

thanks.
-- 
~Randy


  reply	other threads:[~2021-02-22 16:49 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-22  6:42 [PATCH v4 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-02-22  6:42 ` [PATCH 1/4] X.509: Add CodeSigning extended key usage parsing Lee, Chun-Yi
2021-02-22  6:42 ` [PATCH 2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification Lee, Chun-Yi
2021-02-22  6:42 ` [PATCH 3/4] modsign: Add codeSigning EKU when generating X.509 key generation config Lee, Chun-Yi
2021-02-22  6:42 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2021-02-22 16:48   ` Randy Dunlap [this message]
2021-02-24  9:27     ` joeyli
  -- strict thread matches above, loose matches on Subject: below --
2021-04-09  2:46 [PATCH v5 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-04-09  2:46 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2021-03-23  3:55 [PATCH v5 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-03-23  3:55 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2021-03-09  9:10 [PATCH v5 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-03-09  9:10 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2021-01-20  9:05 [PATCH v4 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-01-20  9:05 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2020-11-25  7:26 [PATCH 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2020-11-25  7:26 ` [PATCH 4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2020-11-25 17:25   ` Randy Dunlap
2020-11-26  6:58     ` joeyli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a6eb68cc-7815-daf7-8cc5-0757be502fee@infradead.org \
    --to=rdunlap@infradead.org \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jlee@suse.com \
    --cc=joeyli.kernel@gmail.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=malte.gell@gmx.de \
    --cc=me@benboeckel.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.