The module-signing.txt documentation states that the kernel will use an existing x.509 key pair for module signing should they exist in the root of the source tree. However, user provided signing keys are overwritten during build if the last-modified times on the key pair don't align with what make expects. This patch explicitly checks for the existence of the signing key files, skipping key generation should they exist. Signed-off-by: Abelardo Ricart III <aricart@xxxxxxxxxx> --- diff --git a/kernel/Makefile b/kernel/Makefile index 1408b33..6b8f292 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -168,6 +168,9 @@ ifndef CONFIG_MODULE_SIG_HASH $(error Could not determine digest type to use from kernel config) endif +ifneq ("$(wildcard $(srctree)/signing_key.priv)","") +ifneq ("$(wildcard $(srctree)/signing_key.x509)","") +$(warning *** X.509 module signing key pair not found in root of source tree ***) signing_key.priv signing_key.x509: x509.genkey @echo "###" @echo "### Now generating an X.509 key pair to be used for signing modules." @@ -184,6 +187,8 @@ signing_key.priv signing_key.x509: x509.genkey @echo "###" @echo "### Key pair generated." @echo "###" +endif +endif x509.genkey: @echo Generating X.509 key generation config -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html