[PATCH v6,3/4] modsign: Add codeSigning EKU when generating X.509 key generation config
From: Lee, Chun-Yi
Date: Thu Apr 29 2021 - 03:30:23 EST
Add codeSigning EKU to the X.509 key generation config for the build time
autogenerated kernel key.
Signed-off-by: "Lee, Chun-Yi" <jlee@xxxxxxxx>
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index b6db52ebf0be..d9515d68778f 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -89,6 +89,7 @@ $(obj)/x509.genkey:
@echo >>$@ "keyUsage=digitalSignature"
@echo >>$@ "subjectKeyIdentifier=hash"
@echo >>$@ "authorityKeyIdentifier=keyid"
+ @echo >>$@ "extendedKeyUsage=codeSigning"
endif # CONFIG_MODULE_SIG_KEY
$(eval $(call config_filename,MODULE_SIG_KEY))
--
2.16.4