diff options
| author | Mickaël Salaün <mic@linux.microsoft.com> | 2021-07-12 19:03:09 +0200 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko@kernel.org> | 2022-05-23 18:47:49 +0300 |
| commit | 58d416351e6df1a41d415958ccdd8eb9c2173fed (patch) | |
| tree | 9d6d6733a7358b8039670389504bdb14ef5d682b /security/integrity/platform_certs/keyring_handler.c | |
| parent | 4b0986a3613c92f4ec1bdc7f60ec66fea135991f (diff) | |
| download | linux-58d416351e6df1a41d415958ccdd8eb9c2173fed.tar.gz | |
tools/certs: Add print-cert-tbs-hash.sh
Add a new helper print-cert-tbs-hash.sh to generate a TBSCertificate
hash from a given certificate. This is useful to generate a blacklist
key description used to forbid loading a specific certificate in a
keyring, or to invalidate a certificate provided by a PKCS#7 file.
This kind of hash formatting is required to populate the file pointed
out by CONFIG_SYSTEM_BLACKLIST_HASH_LIST, but only the kernel code was
available to understand how to effectively create such hash.
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lore.kernel.org/r/20210712170313.884724-2-mic@digikod.net
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/integrity/platform_certs/keyring_handler.c')
0 files changed, 0 insertions, 0 deletions