From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Ben Boeckel <me@benboeckel.net>,
Randy Dunlap <rdunlap@infradead.org>,
Malte Gell <malte.gell@gmx.de>,
Varad Gautam <varad.gautam@suse.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, "Lee, Chun-Yi" <jlee@suse.com>
Subject: [PATCH v9,3/4] modsign: Add codeSigning EKU to the default
Date: Thu, 25 Aug 2022 22:23:13 +0800 [thread overview]
Message-ID: <20220825142314.8406-4-jlee@suse.com> (raw)
In-Reply-To: <20220825142314.8406-1-jlee@suse.com>
Add codeSigning EKU to the default X.509 key generation config for the
build time autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
certs/default_x509.genkey | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/default_x509.genkey b/certs/default_x509.genkey
index d4c6628cb8e5..53be501ce57a 100644
--- a/certs/default_x509.genkey
+++ b/certs/default_x509.genkey
@@ -15,3 +15,4 @@ basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
+extendedKeyUsage=codeSigning
--
2.26.2
next prev parent reply other threads:[~2022-08-25 14:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-25 14:23 [PATCH v9 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2022-08-25 14:23 ` [PATCH v9,1/4] X.509: Add CodeSigning extended key usage parsing Lee, Chun-Yi
2022-08-26 20:23 ` Jarkko Sakkinen
2022-08-31 7:31 ` joeyli
2022-08-25 14:23 ` [PATCH v9,2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification Lee, Chun-Yi
2022-08-28 3:34 ` Jarkko Sakkinen
2022-08-31 7:48 ` joeyli
2022-08-25 14:23 ` Lee, Chun-Yi [this message]
2022-08-25 14:23 ` [PATCH v9,4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
2022-08-28 3:35 ` Jarkko Sakkinen
2022-08-31 7:54 ` joeyli
2022-08-28 3:30 ` [PATCH v9 0/4] Check codeSigning extended key usage extension Jarkko Sakkinen
2022-08-31 8:29 ` joeyli
-- strict thread matches above, loose matches on Subject: below --
2022-07-13 4:24 Lee, Chun-Yi
2022-07-13 4:24 ` [PATCH v9,3/4] modsign: Add codeSigning EKU to the default Lee, Chun-Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220825142314.8406-4-jlee@suse.com \
--to=joeyli.kernel@gmail.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jlee@suse.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=malte.gell@gmx.de \
--cc=me@benboeckel.net \
--cc=rdunlap@infradead.org \
--cc=varad.gautam@suse.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.