bin2c: move bin2c in scripts/basic

This patch series does not do kernel signature verification yet.  I plan
to post another patch series for that.  Now distributions are already
signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
those signatures.

Primary goal of this patchset is to prepare groundwork so that kernel
image can be signed and signatures be verified during kexec load.  This
should help with two things.

- It should allow kexec/kdump on secureboot enabled machines.

- In general it can help even without secureboot. By being able to verify
  kernel image signature in kexec, it should help with avoiding module
  signing restrictions. Matthew Garret showed how to boot into a custom
  kernel, modify first kernel's memory and then jump back to old kernel and
  bypass any policy one wants to.

This patch (of 15):

Kexec wants to use bin2c and it wants to use it really early in the build
process. See arch/x86/purgatory/ code in later patches.

So move bin2c in scripts/basic so that it can be built very early and
be usable by arch/x86/purgatory/

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/kernel/Makefile b/kernel/Makefile
index 0026cf5317690c9df47d38222db5df16ab8e9bf1..dc5c77544fd69f6924adc25c3f4a8d3530708392 100644 (file)
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -105,7 +105,7 @@ targets += config_data.gz
 $(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE
        $(call if_changed,gzip)
 
-      filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/bin2c; echo "MAGIC_END;")
+      filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/basic/bin2c; echo "MAGIC_END;")
 targets += config_data.h
 $(obj)/config_data.h: $(obj)/config_data.gz FORCE
        $(call filechk,ikconfiggz)

diff --git a/scripts/.gitignore b/scripts/.gitignore
index fb070fa1038feb51e47db9c4ec807ee328fe6364..5ecfe93f2028712afa413dba6f67c72e1ce0930e 100644 (file)
--- a/scripts/.gitignore
+++ b/scripts/.gitignore
@@ -4,7 +4,6 @@
 conmakehash
 kallsyms
 pnmtologo
-bin2c
 unifdef
 ihex2fw
 recordmcount

diff --git a/scripts/Makefile b/scripts/Makefile
index 890df5c6adfbc16769a4abcb27bb3860fc625e71..72902b5f27213696604f077bc8ad78e8f82d9bd0 100644 (file)
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -13,7 +13,6 @@ HOST_EXTRACFLAGS += -I$(srctree)/tools/include
 hostprogs-$(CONFIG_KALLSYMS)     += kallsyms
 hostprogs-$(CONFIG_LOGO)         += pnmtologo
 hostprogs-$(CONFIG_VT)           += conmakehash
-hostprogs-$(CONFIG_IKCONFIG)     += bin2c
 hostprogs-$(BUILD_C_RECORDMCOUNT) += recordmcount
 hostprogs-$(CONFIG_BUILDTIME_EXTABLE_SORT) += sortextable
 hostprogs-$(CONFIG_ASN1)        += asn1_compiler

diff --git a/scripts/basic/.gitignore b/scripts/basic/.gitignore
index a776371a350243330b14dc87b636146ba4ef2b16..9528ec9e5adc4a89e901f3e9cdfe6140f8452573 100644 (file)
--- a/scripts/basic/.gitignore
+++ b/scripts/basic/.gitignore
@@ -1 +1,2 @@
 fixdep
+bin2c

diff --git a/scripts/basic/Makefile b/scripts/basic/Makefile
index 4fcef87bb8759894435a395224c7d92cd7a14214..afbc1cd69ac5f30bcc4c93173215818dc9e169ba 100644 (file)
--- a/scripts/basic/Makefile
+++ b/scripts/basic/Makefile
@@ -9,6 +9,7 @@
 # fixdep:       Used to generate dependency information during build process
 
 hostprogs-y    := fixdep
+hostprogs-$(CONFIG_IKCONFIG)     += bin2c
 always         := $(hostprogs-y)
 
 # fixdep is needed to compile other host programs

diff --git a/scripts/basic/bin2c.c b/scripts/basic/bin2c.c
new file mode 100644 (file)
index 0000000..af187e6
--- /dev/null
+++ b/scripts/basic/bin2c.c
@@ -0,0 +1,35 @@
+/*
+ * Unloved program to convert a binary on stdin to a C include on stdout
+ *
+ * Jan 1999 Matt Mackall <mpm@selenic.com>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+       int ch, total = 0;
+
+       if (argc > 1)
+               printf("const char %s[] %s=\n",
+                       argv[1], argc > 2 ? argv[2] : "");
+
+       do {
+               printf("\t\"");
+               while ((ch = getchar()) != EOF) {
+                       total++;
+                       printf("\\x%02x", ch);
+                       if (total % 16 == 0)
+                               break;
+               }
+               printf("\"\n");
+       } while (ch != EOF);
+
+       if (argc > 1)
+               printf("\t;\n\nconst int %s_size = %d;\n", argv[1], total);
+
+       return 0;
+}

diff --git a/scripts/bin2c.c b/scripts/bin2c.c
deleted file mode 100644 (file)
index 96dd2bc..0000000
--- a/scripts/bin2c.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Unloved program to convert a binary on stdin to a C include on stdout
- *
- * Jan 1999 Matt Mackall <mpm@selenic.com>
- *
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
- */
-
-#include <stdio.h>
-
-int main(int argc, char *argv[])
-{
-       int ch, total=0;
-
-       if (argc > 1)
-               printf("const char %s[] %s=\n",
-                       argv[1], argc > 2 ? argv[2] : "");
-
-       do {
-               printf("\t\"");
-               while ((ch = getchar()) != EOF)
-               {
-                       total++;
-                       printf("\\x%02x",ch);
-                       if (total % 16 == 0)
-                               break;
-               }
-               printf("\"\n");
-       } while (ch != EOF);
-
-       if (argc > 1)
-               printf("\t;\n\nconst int %s_size = %d;\n", argv[1], total);
-
-       return 0;
-}