modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed Where an external PEM file or PKCS#11 URI is given, we can get the cert from it for ourselves instead of making the user drop signing_key.x509 in place for us. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>

commit: 1329e8cc69b93a0b1bc6d197b30dcff628c18dbf [log] [tgz]
author: David Woodhouse <David.Woodhouse@intel.com> Mon Jul 20 21:16:30 2015 +0100
committer: David Howells <dhowells@redhat.com> Fri Aug 07 16:26:14 2015 +0100
tree: c468b5fe99777d0e5072b1bc41f43ef47253cf8e
parent: 19e91b69d77bab16405cc284b451378e89a4110c [diff] [blame]
diff --git a/init/Kconfig b/init/Kconfig
index 1b1148e..e2e0a1d2 100644
--- a/init/Kconfig
+++ b/init/Kconfig

@@ -1953,10 +1953,10 @@
 	default "signing_key.priv"
 	depends on MODULE_SIG
 	help
-         Provide the file name of a private key in PKCS#8 PEM format, or
-         a PKCS#11 URI according to RFC7512. The corresponding X.509
-         certificate in DER form should be present in signing_key.x509
-         in the top-level build directory.
+         Provide the file name of a private key/certificate in PEM format,
+         or a PKCS#11 URI according to RFC7512. The file should contain, or
+         the URI should identify, both the certificate and its corresponding
+         private key.
 
          If this option is unchanged from its default "signing_key.priv",
          then the kernel will automatically generate the private key and
commit	1329e8cc69b93a0b1bc6d197b30dcff628c18dbf	[log] [tgz]
author	David Woodhouse <David.Woodhouse@intel.com>	Mon Jul 20 21:16:30 2015 +0100
committer	David Howells <dhowells@redhat.com>	Fri Aug 07 16:26:14 2015 +0100
tree	c468b5fe99777d0e5072b1bc41f43ef47253cf8e
parent	19e91b69d77bab16405cc284b451378e89a4110c [diff] [blame]