|
|
@@ -610,6 +610,40 @@ foreach my $line (@config_file) {
|
|
|
next;
|
|
|
}
|
|
|
|
|
|
+ if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
|
|
|
+ my $orig_cert = $1;
|
|
|
+ my $default_cert = "certs/signing_key.pem";
|
|
|
+
|
|
|
+ # Check that the logic in this script still matches the one in Kconfig
|
|
|
+ if (!defined($depends{"MODULE_SIG_KEY"}) ||
|
|
|
+ $depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
|
|
|
+ print STDERR "WARNING: MODULE_SIG_KEY assertion failure, ",
|
|
|
+ "update needed to ", __FILE__, " line ", __LINE__, "\n";
|
|
|
+ print;
|
|
|
+ } elsif ($orig_cert ne $default_cert && ! -f $orig_cert) {
|
|
|
+ print STDERR "Module signature verification enabled but ",
|
|
|
+ "module signing key \"$orig_cert\" not found. Resetting ",
|
|
|
+ "signing key to default value.\n";
|
|
|
+ print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n";
|
|
|
+ } else {
|
|
|
+ print;
|
|
|
+ }
|
|
|
+ next;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) {
|
|
|
+ my $orig_keys = $1;
|
|
|
+
|
|
|
+ if (! -f $orig_keys) {
|
|
|
+ print STDERR "System keyring enabled but keys \"$orig_keys\" ",
|
|
|
+ "not found. Resetting keys to default value.\n";
|
|
|
+ print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n";
|
|
|
+ } else {
|
|
|
+ print;
|
|
|
+ }
|
|
|
+ next;
|
|
|
+ }
|
|
|
+
|
|
|
if (/^(CONFIG.*)=(m|y)/) {
|
|
|
if (defined($configs{$1})) {
|
|
|
if ($localyesconfig) {
|
Benjamin Poirier