summaryrefslogtreecommitdiff
path: root/security/integrity/platform_certs/keyring_handler.c
diff options
context:
space:
mode:
authorMickaël Salaün <mic@linux.microsoft.com>2021-07-12 19:03:09 +0200
committerJarkko Sakkinen <jarkko@kernel.org>2022-05-23 18:47:49 +0300
commit58d416351e6df1a41d415958ccdd8eb9c2173fed (patch)
tree9d6d6733a7358b8039670389504bdb14ef5d682b /security/integrity/platform_certs/keyring_handler.c
parent4b0986a3613c92f4ec1bdc7f60ec66fea135991f (diff)
downloadlinux-58d416351e6df1a41d415958ccdd8eb9c2173fed.tar.gz
tools/certs: Add print-cert-tbs-hash.sh
Add a new helper print-cert-tbs-hash.sh to generate a TBSCertificate hash from a given certificate. This is useful to generate a blacklist key description used to forbid loading a specific certificate in a keyring, or to invalidate a certificate provided by a PKCS#7 file. This kind of hash formatting is required to populate the file pointed out by CONFIG_SYSTEM_BLACKLIST_HASH_LIST, but only the kernel code was available to understand how to effectively create such hash. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Eric Snowberg <eric.snowberg@oracle.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20210712170313.884724-2-mic@digikod.net Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/integrity/platform_certs/keyring_handler.c')
0 files changed, 0 insertions, 0 deletions