summaryrefslogtreecommitdiff
path: root/scripts/check-blacklist-hashes.awk
AgeCommit message (Collapse)AuthorFilesLines
2022-07-27certs: move scripts/check-blacklist-hashes.awk to certs/Masahiro Yamada1-37/+0
This script is only used in certs/Makefile, so certs/ is a better home for it. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-05-23certs: Check that builtin blacklist hashes are validMickaël Salaün1-0/+37
Add and use a check-blacklist-hashes.awk script to make sure that the builtin blacklist hashes set with CONFIG_SYSTEM_BLACKLIST_HASH_LIST will effectively be taken into account as blacklisted hashes. This is useful to debug invalid hash formats, and it make sure that previous hashes which could have been loaded in the kernel, but silently ignored, are now noticed and deal with by the user at kernel build time. This also prevent stricter blacklist key description checking (provided by following commits) to failed for builtin hashes. Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of a hash string and how to generate certificate ones. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Eric Snowberg <eric.snowberg@oracle.com> Cc: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Link: https://lore.kernel.org/r/20210712170313.884724-3-mic@digikod.net Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>