diff mbox series

[v8,3/4] modsign: Add codeSigning EKU when generating X.509 key generation config

Message ID 20210524021540.18736-4-jlee@suse.com (mailing list archive)
State New
Headers show
Series Check codeSigning extended key usage extension | expand

Commit Message

Lee, Chun-Yi May 24, 2021, 2:15 a.m. UTC
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.

Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
---
 certs/Makefile | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/certs/Makefile b/certs/Makefile
index 359239a0ee9e..278e83d23aeb 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -99,6 +99,7 @@  $(obj)/x509.genkey:
 	@echo >>$@ "keyUsage=digitalSignature"
 	@echo >>$@ "subjectKeyIdentifier=hash"
 	@echo >>$@ "authorityKeyIdentifier=keyid"
+	@echo >>$@ "extendedKeyUsage=codeSigning"
 endif # CONFIG_MODULE_SIG_KEY
 
 $(eval $(call config_filename,MODULE_SIG_KEY))