* [PATCH 0/4] MODSIGN: Allow to sign modules outside build
@ 2013-01-23 15:30 Michal Marek
2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek
` (7 more replies)
0 siblings, 8 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
To: dhowells, rusty; +Cc: linux-kernel
Hi,
This series allows to sign modules outside of the build tree and / or
without direct access to the private key.
Thanks,
Michal
Michal Marek (4):
MODSIGN: Simplify Makefile with a Kconfig helper
MODSIGN: Specify the hash algorithm on sign-file command line
MODSIGN: Add -s <signature> option to sign-file
MODSIGN: Add option to not sign modules during modules_install
Makefile | 4 +-
init/Kconfig | 20 ++++++++
kernel/Makefile | 24 +---------
scripts/sign-file | 135 +++++++++++++++++++++++++----------------------------
4 files changed, 88 insertions(+), 95 deletions(-)
--
1.7.10.4
^ permalink raw reply [flat|nested] 11+ messages in thread* [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek @ 2013-01-23 15:30 ` Michal Marek 2013-01-23 15:30 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line Michal Marek ` (6 subsequent siblings) 7 siblings, 0 replies; 11+ messages in thread From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw) To: dhowells, rusty; +Cc: linux-kernel Signed-off-by: Michal Marek <mmarek@suse.cz> --- init/Kconfig | 9 +++++++++ kernel/Makefile | 24 ++---------------------- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/init/Kconfig b/init/Kconfig index 6fdd6e3..ba7d1c1 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1634,6 +1634,15 @@ config MODULE_SIG_SHA512 endchoice +config MODULE_SIG_HASH + string + depends on MODULE_SIG + default "sha1" if MODULE_SIG_SHA1 + default "sha224" if MODULE_SIG_SHA224 + default "sha256" if MODULE_SIG_SHA256 + default "sha384" if MODULE_SIG_SHA384 + default "sha512" if MODULE_SIG_SHA512 + endif # MODULES config INIT_ALL_POSSIBLE diff --git a/kernel/Makefile b/kernel/Makefile index 86e3285..740bf4c 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -148,26 +148,6 @@ kernel/modsign_pubkey.o: signing_key.x509 extra_certificates # fail and that the kernel may be used afterwards. # ############################################################################### -sign_key_with_hash := -ifeq ($(CONFIG_MODULE_SIG_SHA1),y) -sign_key_with_hash := -sha1 -endif -ifeq ($(CONFIG_MODULE_SIG_SHA224),y) -sign_key_with_hash := -sha224 -endif -ifeq ($(CONFIG_MODULE_SIG_SHA256),y) -sign_key_with_hash := -sha256 -endif -ifeq ($(CONFIG_MODULE_SIG_SHA384),y) -sign_key_with_hash := -sha384 -endif -ifeq ($(CONFIG_MODULE_SIG_SHA512),y) -sign_key_with_hash := -sha512 -endif -ifeq ($(sign_key_with_hash),) -$(error Could not determine digest type to use from kernel config) -endif - signing_key.priv signing_key.x509: x509.genkey @echo "###" @echo "### Now generating an X.509 key pair to be used for signing modules." @@ -177,8 +157,8 @@ signing_key.priv signing_key.x509: x509.genkey @echo "### needs to be run as root, and uses a hardware random" @echo "### number generator if one is available." @echo "###" - openssl req -new -nodes -utf8 $(sign_key_with_hash) -days 36500 -batch \ - -x509 -config x509.genkey \ + openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ + -batch -x509 -config x509.genkey \ -outform DER -out signing_key.x509 \ -keyout signing_key.priv @echo "###" -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek 2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek @ 2013-01-23 15:30 ` Michal Marek 2013-01-23 15:30 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file Michal Marek ` (5 subsequent siblings) 7 siblings, 0 replies; 11+ messages in thread From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw) To: dhowells, rusty; +Cc: linux-kernel Make the script usable without a .config file. Signed-off-by: Michal Marek <mmarek@suse.cz> --- Makefile | 2 +- scripts/sign-file | 53 ++++++++++++++++------------------------------------- 2 files changed, 17 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 51a9bda..860dc21 100644 --- a/Makefile +++ b/Makefile @@ -723,7 +723,7 @@ ifeq ($(CONFIG_MODULE_SIG),y) MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) +mod_sign_cmd = perl $(srctree)/scripts/sign-file -a $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) else mod_sign_cmd = true endif diff --git a/scripts/sign-file b/scripts/sign-file index 974a20b..eefdec4 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -10,15 +10,16 @@ use strict; use FileHandle; use IPC::Open2; +use Getopt::Std; -my $verbose = 0; -if ($#ARGV >= 0 && $ARGV[0] eq "-v") { - $verbose = 1; - shift; -} +our ($opt_v, $opt_a); + +my $res = getopts('va:'); +my $verbose = $opt_v; +my $dgst = $opt_a; -die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n" - if ($#ARGV != 2 && $#ARGV != 3); +die "Format: ./scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n" + if (!$res || !$dgst || $#ARGV != 2 && $#ARGV != 3); my $private_key = $ARGV[0]; my $x509 = $ARGV[1]; @@ -30,23 +31,6 @@ die "Can't read X.509 certificate\n" unless (-r $x509); die "Can't read module\n" unless (-r $module); # -# Read the kernel configuration -# -my %config = ( - CONFIG_MODULE_SIG_SHA512 => 1 - ); - -if (-r ".config") { - open(FD, "<.config") || die ".config"; - while (<FD>) { - if ($_ =~ /^(CONFIG_.*)=[ym]/) { - $config{$1} = 1; - } - } - close(FD); -} - -# # Function to read the contents of a file into a variable. # sub read_file($) @@ -321,51 +305,46 @@ my $id_type = 1; # Identifier type: X.509 # # Digest the data # -my ($dgst, $prologue) = (); -if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { +my $prologue; +if ($dgst eq "sha1") { $prologue = pack("C*", 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14); - $dgst = "-sha1"; $hash = 2; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { +} elsif ($dgst eq "sha224") { $prologue = pack("C*", 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C); - $dgst = "-sha224"; $hash = 7; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { +} elsif ($dgst eq "sha256") { $prologue = pack("C*", 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20); - $dgst = "-sha256"; $hash = 4; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { +} elsif ($dgst eq "sha384") { $prologue = pack("C*", 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30); - $dgst = "-sha384"; $hash = 5; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { +} elsif ($dgst eq "sha512") { $prologue = pack("C*", 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40); - $dgst = "-sha512"; $hash = 6; } else { - die "Can't determine hash algorithm"; + die "Unknown hash algorithm: $dgst\n"; } # # Generate the digest and read from openssl's stdout # my $digest; -$digest = readpipe("openssl dgst $dgst -binary $module") || die "openssl dgst"; +$digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst"; # # Generate the binary signature, which will be just the integer that comprises -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek 2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek 2013-01-23 15:30 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line Michal Marek @ 2013-01-23 15:30 ` Michal Marek 2013-01-23 15:30 ` [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install Michal Marek ` (4 subsequent siblings) 7 siblings, 0 replies; 11+ messages in thread From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw) To: dhowells, rusty; +Cc: linux-kernel This option allows to append an externally computed singature to the module. This is needed in setups, where the private key is not directly available, but a service exists that returns signatures for given files. Signed-off-by: Michal Marek <mmarek@suse.cz> --- scripts/sign-file | 92 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 53 insertions(+), 39 deletions(-) diff --git a/scripts/sign-file b/scripts/sign-file index eefdec4..51e3b7b 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -2,31 +2,42 @@ # # Sign a module file using the given key. # -# Format: -# -# ./scripts/sign-file [-v] <key> <x509> <module> [<dest>] -# -# + +my $USAGE = +"Usage: scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n" . +" scripts/sign-file [-v] -a <hash algo> -s <raw sig> <x509> ...\n"; + use strict; use FileHandle; use IPC::Open2; use Getopt::Std; -our ($opt_v, $opt_a); +our ($opt_v, $opt_a, $opt_s); -my $res = getopts('va:'); +getopts('va:s:') or die $USAGE; my $verbose = $opt_v; my $dgst = $opt_a; +my $signature_file = $opt_s; -die "Format: ./scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n" - if (!$res || !$dgst || $#ARGV != 2 && $#ARGV != 3); +die $USAGE if !$dgst || $#ARGV > 3; +die $USAGE if !$signature_file && $#ARGV < 2 || $signature_file && $#ARGV < 1; -my $private_key = $ARGV[0]; -my $x509 = $ARGV[1]; -my $module = $ARGV[2]; -my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~"; +my $private_key; +if (!$signature_file) { + $private_key = shift @ARGV; +} +my $x509 = shift @ARGV; +my $module = shift @ARGV; +my ($dest, $keep_orig); +if (@ARGV) { + $dest = $ARGV[0]; + $keep_orig = 1; +} else { + $dest = $module . "~"; +} -die "Can't read private key\n" unless (-r $private_key); +die "Can't read private key\n" if !$signature_file && !-r $private_key; +die "Can't read signature file\n" if $signature_file && !-r $signature_file; die "Can't read X.509 certificate\n" unless (-r $x509); die "Can't read module\n" unless (-r $module); @@ -340,33 +351,36 @@ if ($dgst eq "sha1") { die "Unknown hash algorithm: $dgst\n"; } -# -# Generate the digest and read from openssl's stdout -# -my $digest; -$digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst"; - -# -# Generate the binary signature, which will be just the integer that comprises -# the signature with no metadata attached. -# -my $pid; -$pid = open2(*read_from, *write_to, - "openssl rsautl -sign -inkey $private_key -keyform PEM") || - die "openssl rsautl"; -binmode write_to; -print write_to $prologue . $digest || die "pipe to openssl rsautl"; -close(write_to) || die "pipe to openssl rsautl"; - -binmode read_from; my $signature; -read(read_from, $signature, 4096) || die "pipe from openssl rsautl"; -close(read_from) || die "pipe from openssl rsautl"; +if ($signature_file) { + $signature = read_file($signature_file); +} else { + # + # Generate the digest and read from openssl's stdout + # + my $digest; + $digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst"; + + # + # Generate the binary signature, which will be just the integer that + # comprises the signature with no metadata attached. + # + my $pid; + $pid = open2(*read_from, *write_to, + "openssl rsautl -sign -inkey $private_key -keyform PEM") || + die "openssl rsautl"; + binmode write_to; + print write_to $prologue . $digest || die "pipe to openssl rsautl"; + close(write_to) || die "pipe to openssl rsautl"; + + binmode read_from; + read(read_from, $signature, 4096) || die "pipe from openssl rsautl"; + close(read_from) || die "pipe from openssl rsautl"; + waitpid($pid, 0) || die; + die "openssl rsautl died: $?" if ($? >> 8); +} $signature = pack("n", length($signature)) . $signature, -waitpid($pid, 0) || die; -die "openssl rsautl died: $?" if ($? >> 8); - # # Build the signed binary # @@ -403,6 +417,6 @@ print FD ; close FD || die $dest; -if ($#ARGV != 3) { +if (!$keep_orig) { rename($dest, $module) || die $module; } -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek ` (2 preceding siblings ...) 2013-01-23 15:30 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file Michal Marek @ 2013-01-23 15:30 ` Michal Marek 2013-01-24 15:11 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper David Howells ` (3 subsequent siblings) 7 siblings, 0 replies; 11+ messages in thread From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw) To: dhowells, rusty; +Cc: linux-kernel To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> --- Makefile | 2 +- init/Kconfig | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 860dc21..e3a00de 100644 --- a/Makefile +++ b/Makefile @@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP export mod_strip_cmd -ifeq ($(CONFIG_MODULE_SIG),y) +ifdef CONFIG_MODULE_SIG_ALL MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY diff --git a/init/Kconfig b/init/Kconfig index ba7d1c1..d2db2e7 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1602,6 +1602,17 @@ config MODULE_SIG_FORCE Reject unsigned modules or signed modules for which we don't have a key. Without this, such modules will simply taint the kernel. +config MODULE_SIG_ALL + bool "Automatically sign all modules" + default y + depends on MODULE_SIG + help + Sign all modules during make modules_install. Without this option, + modules must be signed manually, using the scripts/sign-file tool. + +comment "Do not forget to sign required modules with scripts/sign-file" + depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL + choice prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek ` (3 preceding siblings ...) 2013-01-23 15:30 ` [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install Michal Marek @ 2013-01-24 15:11 ` David Howells 2013-01-24 15:16 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line David Howells ` (2 subsequent siblings) 7 siblings, 0 replies; 11+ messages in thread From: David Howells @ 2013-01-24 15:11 UTC (permalink / raw) To: Michal Marek; +Cc: dhowells, rusty, linux-kernel Michal Marek <mmarek@suse.cz> wrote: > Signed-off-by: Michal Marek <mmarek@suse.cz> Add a check into the script to make sure that CONFIG_MODULE_SIG_HASH is actually set to something, and then you can add "Acked-by: David Howells <dhowells@redhat.com>". David ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek ` (4 preceding siblings ...) 2013-01-24 15:11 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper David Howells @ 2013-01-24 15:16 ` David Howells 2013-01-24 15:17 ` David Howells 2013-01-24 15:20 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file David Howells 7 siblings, 0 replies; 11+ messages in thread From: David Howells @ 2013-01-24 15:16 UTC (permalink / raw) To: Michal Marek; +Cc: dhowells, rusty, linux-kernel Michal Marek <mmarek@suse.cz> wrote: > -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) > +mod_sign_cmd = perl $(srctree)/scripts/sign-file -a $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) It's mandatory, so it shouldn't really have a "-a" flag. David ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek ` (5 preceding siblings ...) 2013-01-24 15:16 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line David Howells @ 2013-01-24 15:17 ` David Howells 2013-01-24 19:59 ` Michal Marek 2013-01-25 0:07 ` David Howells 2013-01-24 15:20 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file David Howells 7 siblings, 2 replies; 11+ messages in thread From: David Howells @ 2013-01-24 15:17 UTC (permalink / raw) To: Michal Marek; +Cc: dhowells, rusty, linux-kernel Michal Marek <mmarek@suse.cz> wrote: > +our ($opt_v, $opt_a); Should this be 'our' or 'my'? David ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line 2013-01-24 15:17 ` David Howells @ 2013-01-24 19:59 ` Michal Marek 2013-01-25 0:07 ` David Howells 1 sibling, 0 replies; 11+ messages in thread From: Michal Marek @ 2013-01-24 19:59 UTC (permalink / raw) To: David Howells; +Cc: rusty, linux-kernel Dne 24.1.2013 16:17, David Howells napsal(a): > Michal Marek <mmarek@suse.cz> wrote: > >> +our ($opt_v, $opt_a); > > Should this be 'our' or 'my'? These are global variables set by getopts(), so they need to be declared 'our'. But I can change it to use the two-argument version of getopts, that does not use global variables. Michal ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line 2013-01-24 15:17 ` David Howells 2013-01-24 19:59 ` Michal Marek @ 2013-01-25 0:07 ` David Howells 1 sibling, 0 replies; 11+ messages in thread From: David Howells @ 2013-01-25 0:07 UTC (permalink / raw) To: Michal Marek; +Cc: dhowells, rusty, linux-kernel Michal Marek <mmarek@suse.cz> wrote: > >> +our ($opt_v, $opt_a); > > > > Should this be 'our' or 'my'? > > These are global variables set by getopts(), so they need to be declared > 'our'. But I can change it to use the two-argument version of getopts, > that does not use global variables. No, that's fine. Perl seems like black magic at the best of times. David ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek ` (6 preceding siblings ...) 2013-01-24 15:17 ` David Howells @ 2013-01-24 15:20 ` David Howells 7 siblings, 0 replies; 11+ messages in thread From: David Howells @ 2013-01-24 15:20 UTC (permalink / raw) To: Michal Marek; +Cc: dhowells, rusty, linux-kernel +die "Can't read private key\n" if !$signature_file && !-r $private_key; +die "Can't read signature file\n" if $signature_file && !-r $signature_file; Please bracket the if condition. David ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2013-01-25 0:07 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek 2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek 2013-01-23 15:30 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line Michal Marek 2013-01-23 15:30 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file Michal Marek 2013-01-23 15:30 ` [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install Michal Marek 2013-01-24 15:11 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper David Howells 2013-01-24 15:16 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line David Howells 2013-01-24 15:17 ` David Howells 2013-01-24 19:59 ` Michal Marek 2013-01-25 0:07 ` David Howells 2013-01-24 15:20 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file David Howells
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).