| 1 | # |
| 2 | # Makefile for the linux kernel. |
| 3 | # |
| 4 | |
| 5 | obj-y = fork.o exec_domain.o panic.o \ |
| 6 | cpu.o exit.o softirq.o resource.o \ |
| 7 | sysctl.o sysctl_binary.o capability.o ptrace.o user.o \ |
| 8 | signal.o sys.o kmod.o workqueue.o pid.o task_work.o \ |
| 9 | extable.o params.o \ |
| 10 | kthread.o sys_ni.o nsproxy.o \ |
| 11 | notifier.o ksysfs.o cred.o reboot.o \ |
| 12 | async.o range.o groups.o smpboot.o |
| 13 | |
| 14 | ifdef CONFIG_FUNCTION_TRACER |
| 15 | # Do not trace debug files and internal ftrace files |
| 16 | CFLAGS_REMOVE_cgroup-debug.o = $(CC_FLAGS_FTRACE) |
| 17 | CFLAGS_REMOVE_irq_work.o = $(CC_FLAGS_FTRACE) |
| 18 | endif |
| 19 | |
| 20 | # cond_syscall is currently not LTO compatible |
| 21 | CFLAGS_sys_ni.o = $(DISABLE_LTO) |
| 22 | |
| 23 | obj-y += sched/ |
| 24 | obj-y += locking/ |
| 25 | obj-y += power/ |
| 26 | obj-y += printk/ |
| 27 | obj-y += irq/ |
| 28 | obj-y += rcu/ |
| 29 | obj-y += livepatch/ |
| 30 | |
| 31 | obj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o |
| 32 | obj-$(CONFIG_FREEZER) += freezer.o |
| 33 | obj-$(CONFIG_PROFILING) += profile.o |
| 34 | obj-$(CONFIG_STACKTRACE) += stacktrace.o |
| 35 | obj-y += time/ |
| 36 | obj-$(CONFIG_FUTEX) += futex.o |
| 37 | ifeq ($(CONFIG_COMPAT),y) |
| 38 | obj-$(CONFIG_FUTEX) += futex_compat.o |
| 39 | endif |
| 40 | obj-$(CONFIG_GENERIC_ISA_DMA) += dma.o |
| 41 | obj-$(CONFIG_SMP) += smp.o |
| 42 | ifneq ($(CONFIG_SMP),y) |
| 43 | obj-y += up.o |
| 44 | endif |
| 45 | obj-$(CONFIG_UID16) += uid16.o |
| 46 | obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o |
| 47 | obj-$(CONFIG_MODULES) += module.o |
| 48 | obj-$(CONFIG_MODULE_SIG) += module_signing.o |
| 49 | obj-$(CONFIG_KALLSYMS) += kallsyms.o |
| 50 | obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o |
| 51 | obj-$(CONFIG_KEXEC) += kexec.o |
| 52 | obj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o |
| 53 | obj-$(CONFIG_COMPAT) += compat.o |
| 54 | obj-$(CONFIG_CGROUPS) += cgroup.o |
| 55 | obj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o |
| 56 | obj-$(CONFIG_CPUSETS) += cpuset.o |
| 57 | obj-$(CONFIG_UTS_NS) += utsname.o |
| 58 | obj-$(CONFIG_USER_NS) += user_namespace.o |
| 59 | obj-$(CONFIG_PID_NS) += pid_namespace.o |
| 60 | obj-$(CONFIG_IKCONFIG) += configs.o |
| 61 | obj-$(CONFIG_SMP) += stop_machine.o |
| 62 | obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o |
| 63 | obj-$(CONFIG_AUDIT) += audit.o auditfilter.o |
| 64 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o |
| 65 | obj-$(CONFIG_AUDIT_WATCH) += audit_watch.o |
| 66 | obj-$(CONFIG_AUDIT_TREE) += audit_tree.o |
| 67 | obj-$(CONFIG_GCOV_KERNEL) += gcov/ |
| 68 | obj-$(CONFIG_KPROBES) += kprobes.o |
| 69 | obj-$(CONFIG_KGDB) += debug/ |
| 70 | obj-$(CONFIG_DETECT_HUNG_TASK) += hung_task.o |
| 71 | obj-$(CONFIG_LOCKUP_DETECTOR) += watchdog.o |
| 72 | obj-$(CONFIG_SECCOMP) += seccomp.o |
| 73 | obj-$(CONFIG_RELAY) += relay.o |
| 74 | obj-$(CONFIG_SYSCTL) += utsname_sysctl.o |
| 75 | obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o |
| 76 | obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o |
| 77 | obj-$(CONFIG_TRACEPOINTS) += tracepoint.o |
| 78 | obj-$(CONFIG_LATENCYTOP) += latencytop.o |
| 79 | obj-$(CONFIG_BINFMT_ELF) += elfcore.o |
| 80 | obj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o |
| 81 | obj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o |
| 82 | obj-$(CONFIG_FUNCTION_TRACER) += trace/ |
| 83 | obj-$(CONFIG_TRACING) += trace/ |
| 84 | obj-$(CONFIG_TRACE_CLOCK) += trace/ |
| 85 | obj-$(CONFIG_RING_BUFFER) += trace/ |
| 86 | obj-$(CONFIG_TRACEPOINTS) += trace/ |
| 87 | obj-$(CONFIG_IRQ_WORK) += irq_work.o |
| 88 | obj-$(CONFIG_CPU_PM) += cpu_pm.o |
| 89 | obj-$(CONFIG_BPF) += bpf/ |
| 90 | |
| 91 | obj-$(CONFIG_PERF_EVENTS) += events/ |
| 92 | |
| 93 | obj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o |
| 94 | obj-$(CONFIG_PADATA) += padata.o |
| 95 | obj-$(CONFIG_CRASH_DUMP) += crash_dump.o |
| 96 | obj-$(CONFIG_JUMP_LABEL) += jump_label.o |
| 97 | obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o |
| 98 | obj-$(CONFIG_TORTURE_TEST) += torture.o |
| 99 | |
| 100 | $(obj)/configs.o: $(obj)/config_data.h |
| 101 | |
| 102 | # config_data.h contains the same information as ikconfig.h but gzipped. |
| 103 | # Info from config_data can be extracted from /proc/config* |
| 104 | targets += config_data.gz |
| 105 | $(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE |
| 106 | $(call if_changed,gzip) |
| 107 | |
| 108 | filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/basic/bin2c; echo "MAGIC_END;") |
| 109 | targets += config_data.h |
| 110 | $(obj)/config_data.h: $(obj)/config_data.gz FORCE |
| 111 | $(call filechk,ikconfiggz) |
| 112 | |
| 113 | ############################################################################### |
| 114 | # |
| 115 | # Roll all the X.509 certificates that we can find together and pull them into |
| 116 | # the kernel so that they get loaded into the system trusted keyring during |
| 117 | # boot. |
| 118 | # |
| 119 | # We look in the source root and the build root for all files whose name ends |
| 120 | # in ".x509". Unfortunately, this will generate duplicate filenames, so we |
| 121 | # have make canonicalise the pathnames and then sort them to discard the |
| 122 | # duplicates. |
| 123 | # |
| 124 | ############################################################################### |
| 125 | ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) |
| 126 | X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) |
| 127 | X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 |
| 128 | X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ |
| 129 | $(or $(realpath $(CERT)),$(CERT)))) |
| 130 | X509_CERTIFICATES := $(subst $(realpath $(objtree))/,,$(X509_CERTIFICATES-raw)) |
| 131 | |
| 132 | ifeq ($(X509_CERTIFICATES),) |
| 133 | $(warning *** No X.509 certificates found ***) |
| 134 | endif |
| 135 | |
| 136 | ifneq ($(wildcard $(obj)/.x509.list),) |
| 137 | ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES)) |
| 138 | $(info X.509 certificate list changed) |
| 139 | $(shell rm $(obj)/.x509.list) |
| 140 | endif |
| 141 | endif |
| 142 | |
| 143 | kernel/system_certificates.o: $(obj)/x509_certificate_list |
| 144 | |
| 145 | quiet_cmd_x509certs = CERTS $@ |
| 146 | cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)") |
| 147 | |
| 148 | targets += $(obj)/x509_certificate_list |
| 149 | $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list |
| 150 | $(call if_changed,x509certs) |
| 151 | |
| 152 | targets += $(obj)/.x509.list |
| 153 | $(obj)/.x509.list: |
| 154 | @echo $(X509_CERTIFICATES) >$@ |
| 155 | endif |
| 156 | |
| 157 | clean-files := x509_certificate_list .x509.list |
| 158 | |
| 159 | ifeq ($(CONFIG_MODULE_SIG),y) |
| 160 | ############################################################################### |
| 161 | # |
| 162 | # If module signing is requested, say by allyesconfig, but a key has not been |
| 163 | # supplied, then one will need to be generated to make sure the build does not |
| 164 | # fail and that the kernel may be used afterwards. |
| 165 | # |
| 166 | ############################################################################### |
| 167 | ifndef CONFIG_MODULE_SIG_HASH |
| 168 | $(error Could not determine digest type to use from kernel config) |
| 169 | endif |
| 170 | |
| 171 | signing_key.priv signing_key.x509: x509.genkey |
| 172 | @echo "###" |
| 173 | @echo "### Now generating an X.509 key pair to be used for signing modules." |
| 174 | @echo "###" |
| 175 | @echo "### If this takes a long time, you might wish to run rngd in the" |
| 176 | @echo "### background to keep the supply of entropy topped up. It" |
| 177 | @echo "### needs to be run as root, and uses a hardware random" |
| 178 | @echo "### number generator if one is available." |
| 179 | @echo "###" |
| 180 | openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ |
| 181 | -batch -x509 -config x509.genkey \ |
| 182 | -outform DER -out signing_key.x509 \ |
| 183 | -keyout signing_key.priv 2>&1 |
| 184 | @echo "###" |
| 185 | @echo "### Key pair generated." |
| 186 | @echo "###" |
| 187 | |
| 188 | x509.genkey: |
| 189 | @echo Generating X.509 key generation config |
| 190 | @echo >x509.genkey "[ req ]" |
| 191 | @echo >>x509.genkey "default_bits = 4096" |
| 192 | @echo >>x509.genkey "distinguished_name = req_distinguished_name" |
| 193 | @echo >>x509.genkey "prompt = no" |
| 194 | @echo >>x509.genkey "string_mask = utf8only" |
| 195 | @echo >>x509.genkey "x509_extensions = myexts" |
| 196 | @echo >>x509.genkey |
| 197 | @echo >>x509.genkey "[ req_distinguished_name ]" |
| 198 | @echo >>x509.genkey "O = Magrathea" |
| 199 | @echo >>x509.genkey "CN = Glacier signing key" |
| 200 | @echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2" |
| 201 | @echo >>x509.genkey |
| 202 | @echo >>x509.genkey "[ myexts ]" |
| 203 | @echo >>x509.genkey "basicConstraints=critical,CA:FALSE" |
| 204 | @echo >>x509.genkey "keyUsage=digitalSignature" |
| 205 | @echo >>x509.genkey "subjectKeyIdentifier=hash" |
| 206 | @echo >>x509.genkey "authorityKeyIdentifier=keyid" |
| 207 | endif |