scst/scst/src/certs/Makefile - backupdr - Git at Google

 CONFIG_MODULE_SIG_HASH := $(shell sed -n 's/^CONFIG_MODULE_SIG_HASH="\([^"]*\)"$$/\1/p' "$(KDIR)/.config" | { read -r line; [ -n "$$line" ] && echo "$$line" || echo sha256; })

 all: $(shell grep -q '^CONFIG_MODULE_SIG=y$$' "$(KDIR)/.config" &&	\
 	echo module_signing_enabled)

 module_signing_enabled: scst_module_key.der scst_module_key.priv

 scst_module_key.der scst_module_key.priv: x509.genkey
 	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 365000 \
 		-batch -x509 -config $< -outform DER -out scst_module_key.der \
 		-keyout scst_module_key.priv
 	# override those signing keys with the keys generated at kernel build time
 	openssl x509 -in "${KERNEL_FILES}/signing_key.pem" -out scst_module_key.der -outform DER
 	openssl pkey -in "${KERNEL_FILES}/signing_key.pem" -out scst_module_key.priv
 	chmod 600 $@

 .PHONY: module_signing_enabled
	CONFIG_MODULE_SIG_HASH := $(shell sed -n 's/^CONFIG_MODULE_SIG_HASH="\([^"]*\)"$$/\1/p' "$(KDIR)/.config" \| { read -r line; [ -n "$$line" ] && echo "$$line" \|\| echo sha256; })

	all: $(shell grep -q '^CONFIG_MODULE_SIG=y$$' "$(KDIR)/.config" && \
	echo module_signing_enabled)

	module_signing_enabled: scst_module_key.der scst_module_key.priv

	scst_module_key.der scst_module_key.priv: x509.genkey
	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 365000 \
	-batch -x509 -config $< -outform DER -out scst_module_key.der \
	-keyout scst_module_key.priv
	# override those signing keys with the keys generated at kernel build time
	openssl x509 -in "${KERNEL_FILES}/signing_key.pem" -out scst_module_key.der -outform DER
	openssl pkey -in "${KERNEL_FILES}/signing_key.pem" -out scst_module_key.priv
	chmod 600 $@

	.PHONY: module_signing_enabled