11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# Makefile for the linux kernel. 31da177e4SLinus Torvalds# 41da177e4SLinus Torvalds 5b9ee979eSJoe Perchesobj-y = fork.o exec_domain.o panic.o \ 6*5cee9645SThomas Gleixner cpu.o exit.o softirq.o resource.o \ 7*5cee9645SThomas Gleixner sysctl.o sysctl_binary.o capability.o ptrace.o user.o \ 8e73f8959SOleg Nesterov signal.o sys.o kmod.o workqueue.o pid.o task_work.o \ 9*5cee9645SThomas Gleixner extable.o params.o \ 10*5cee9645SThomas Gleixner kthread.o sys_ni.o nsproxy.o \ 1115d94b82SRobin Holt notifier.o ksysfs.o cred.o reboot.o \ 12cd4d241dSPeter Zijlstra async.o range.o groups.o smpboot.o 13029632fbSPeter Zijlstra 14606576ceSSteven Rostedtifdef CONFIG_FUNCTION_TRACER 156ec56232SSteven Rostedt# Do not trace debug files and internal ftrace files 166ec56232SSteven RostedtCFLAGS_REMOVE_cgroup-debug.o = -pg 17e360adbeSPeter ZijlstraCFLAGS_REMOVE_irq_work.o = -pg 181d09daa5SSteven Rostedtendif 191d09daa5SSteven Rostedt 2058edae3aSAndi Kleen# cond_syscall is currently not LTO compatible 2158edae3aSAndi KleenCFLAGS_sys_ni.o = $(DISABLE_LTO) 2258edae3aSAndi Kleen 23391e43daSPeter Zijlstraobj-y += sched/ 2401768b42SPeter Zijlstraobj-y += locking/ 25dae5cbc2SRafael J. Wysockiobj-y += power/ 26b9ee979eSJoe Perchesobj-y += printk/ 270244ad00SMartin Schwidefskyobj-y += irq/ 284102adabSPaul E. McKenneyobj-y += rcu/ 29391e43daSPeter Zijlstra 301e142b29SCyrill Gorcunovobj-$(CONFIG_CHECKPOINT_RESTORE) += kcmp.o 318174f150SMatt Helsleyobj-$(CONFIG_FREEZER) += freezer.o 32b03f6489SAdrian Bunkobj-$(CONFIG_PROFILING) += profile.o 338637c099SIngo Molnarobj-$(CONFIG_STACKTRACE) += stacktrace.o 34ad596171Sjohn stultzobj-y += time/ 351da177e4SLinus Torvaldsobj-$(CONFIG_FUTEX) += futex.o 3634f192c6SIngo Molnarifeq ($(CONFIG_COMPAT),y) 3734f192c6SIngo Molnarobj-$(CONFIG_FUTEX) += futex_compat.o 3834f192c6SIngo Molnarendif 391da177e4SLinus Torvaldsobj-$(CONFIG_GENERIC_ISA_DMA) += dma.o 40351f8f8eSAmerigo Wangobj-$(CONFIG_SMP) += smp.o 419316fcacSAndrew Mortonifneq ($(CONFIG_SMP),y) 4253ce3d95SAndrew Mortonobj-y += up.o 4353ce3d95SAndrew Mortonendif 441da177e4SLinus Torvaldsobj-$(CONFIG_UID16) += uid16.o 45b56e5a17SDavid Howellsobj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o 461da177e4SLinus Torvaldsobj-$(CONFIG_MODULES) += module.o 47b56e5a17SDavid Howellsobj-$(CONFIG_MODULE_SIG) += module_signing.o 481da177e4SLinus Torvaldsobj-$(CONFIG_KALLSYMS) += kallsyms.o 491da177e4SLinus Torvaldsobj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o 50dc009d92SEric W. Biedermanobj-$(CONFIG_KEXEC) += kexec.o 516dab2778SArjan van de Venobj-$(CONFIG_BACKTRACE_SELF_TEST) += backtracetest.o 521da177e4SLinus Torvaldsobj-$(CONFIG_COMPAT) += compat.o 53ddbcc7e8SPaul Menageobj-$(CONFIG_CGROUPS) += cgroup.o 54dc52ddc0SMatt Helsleyobj-$(CONFIG_CGROUP_FREEZER) += cgroup_freezer.o 551da177e4SLinus Torvaldsobj-$(CONFIG_CPUSETS) += cpuset.o 56aee16ce7SPavel Emelyanovobj-$(CONFIG_UTS_NS) += utsname.o 57aee16ce7SPavel Emelyanovobj-$(CONFIG_USER_NS) += user_namespace.o 5874bd59bbSPavel Emelyanovobj-$(CONFIG_PID_NS) += pid_namespace.o 591da177e4SLinus Torvaldsobj-$(CONFIG_IKCONFIG) += configs.o 60e552b661SPavel Emelianovobj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o 61bbf1bb3eSTejun Heoobj-$(CONFIG_SMP) += stop_machine.o 628c1c9356SAnanth N Mavinakayanahalliobj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o 63939a67fcSEric Parisobj-$(CONFIG_AUDIT) += audit.o auditfilter.o 641da177e4SLinus Torvaldsobj-$(CONFIG_AUDITSYSCALL) += auditsc.o 65939a67fcSEric Parisobj-$(CONFIG_AUDIT_WATCH) += audit_watch.o 6674c3cbe3SAl Viroobj-$(CONFIG_AUDIT_TREE) += audit_tree.o 67939a67fcSEric Parisobj-$(CONFIG_GCOV_KERNEL) += gcov/ 681da177e4SLinus Torvaldsobj-$(CONFIG_KPROBES) += kprobes.o 69c4338209SJason Wesselobj-$(CONFIG_KGDB) += debug/ 70e162b39aSMandeep Singh Bainesobj-$(CONFIG_DETECT_HUNG_TASK) += hung_task.o 7158687acbSDon Zickusobj-$(CONFIG_LOCKUP_DETECTOR) += watchdog.o 721da177e4SLinus Torvaldsobj-$(CONFIG_SECCOMP) += seccomp.o 73b86ff981SJens Axboeobj-$(CONFIG_RELAY) += relay.o 7439732acdSEric W. Biedermanobj-$(CONFIG_SYSCTL) += utsname_sysctl.o 75ca74e92bSShailabh Nagarobj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o 76f3cef7a9SJay Lanobj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o 7797e1c18eSMathieu Desnoyersobj-$(CONFIG_TRACEPOINTS) += tracepoint.o 789745512cSArjan van de Venobj-$(CONFIG_LATENCYTOP) += latencytop.o 791fcccbacSDaisuke HATAYAMAobj-$(CONFIG_BINFMT_ELF) += elfcore.o 801fcccbacSDaisuke HATAYAMAobj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o 811fcccbacSDaisuke HATAYAMAobj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o 82606576ceSSteven Rostedtobj-$(CONFIG_FUNCTION_TRACER) += trace/ 83bc0c38d1SSteven Rostedtobj-$(CONFIG_TRACING) += trace/ 84ea632e9fSJosh Triplettobj-$(CONFIG_TRACE_CLOCK) += trace/ 851155de47SPaul Mundtobj-$(CONFIG_RING_BUFFER) += trace/ 86870915e0SMathieu Desnoyersobj-$(CONFIG_TRACEPOINTS) += trace/ 87e360adbeSPeter Zijlstraobj-$(CONFIG_IRQ_WORK) += irq_work.o 88ab10023eSColin Crossobj-$(CONFIG_CPU_PM) += cpu_pm.o 89fae85b7cSBorislav Petkov 90fae85b7cSBorislav Petkovobj-$(CONFIG_PERF_EVENTS) += events/ 91fae85b7cSBorislav Petkov 927a041097SAvi Kivityobj-$(CONFIG_USER_RETURN_NOTIFIER) += user-return-notifier.o 9316295becSSteffen Klassertobj-$(CONFIG_PADATA) += padata.o 9493a72052SOlaf Heringobj-$(CONFIG_CRASH_DUMP) += crash_dump.o 95b77f0f3cSJason Baronobj-$(CONFIG_JUMP_LABEL) += jump_label.o 9691d1aa43SFrederic Weisbeckerobj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o 9751b1130eSPaul E. McKenneyobj-$(CONFIG_TORTURE_TEST) += torture.o 981da177e4SLinus Torvalds 991da177e4SLinus Torvalds$(obj)/configs.o: $(obj)/config_data.h 1001da177e4SLinus Torvalds 1011da177e4SLinus Torvalds# config_data.h contains the same information as ikconfig.h but gzipped. 1021da177e4SLinus Torvalds# Info from config_data can be extracted from /proc/config* 1031da177e4SLinus Torvaldstargets += config_data.gz 10441263fc6SBen Gardiner$(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE 1051da177e4SLinus Torvalds $(call if_changed,gzip) 1061da177e4SLinus Torvalds 107e78e8f2dSPeter Foley filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/bin2c; echo "MAGIC_END;") 1081da177e4SLinus Torvaldstargets += config_data.h 1091da177e4SLinus Torvalds$(obj)/config_data.h: $(obj)/config_data.gz FORCE 110e78e8f2dSPeter Foley $(call filechk,ikconfiggz) 111bdc80787SH. Peter Anvin 112f0e6d220SDavid Howells############################################################################### 113631cc66eSDavid Howells# 1140fbd39cfSDavid Howells# Roll all the X.509 certificates that we can find together and pull them into 115b56e5a17SDavid Howells# the kernel so that they get loaded into the system trusted keyring during 116b56e5a17SDavid Howells# boot. 1170fbd39cfSDavid Howells# 1180fbd39cfSDavid Howells# We look in the source root and the build root for all files whose name ends 1190fbd39cfSDavid Howells# in ".x509". Unfortunately, this will generate duplicate filenames, so we 1200fbd39cfSDavid Howells# have make canonicalise the pathnames and then sort them to discard the 1210fbd39cfSDavid Howells# duplicates. 122631cc66eSDavid Howells# 123f0e6d220SDavid Howells############################################################################### 124b56e5a17SDavid Howellsifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) 125f0e6d220SDavid HowellsX509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) 126d7ec435fSDavid HowellsX509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 127d7ec435fSDavid HowellsX509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ 1280fbd39cfSDavid Howells $(or $(realpath $(CERT)),$(CERT)))) 129d7ec435fSDavid HowellsX509_CERTIFICATES := $(subst $(realpath $(objtree))/,,$(X509_CERTIFICATES-raw)) 130631cc66eSDavid Howells 131f0e6d220SDavid Howellsifeq ($(X509_CERTIFICATES),) 132f0e6d220SDavid Howells$(warning *** No X.509 certificates found ***) 133f0e6d220SDavid Howellsendif 134e10e1774SMichal Marek 135f0e6d220SDavid Howellsifneq ($(wildcard $(obj)/.x509.list),) 136f0e6d220SDavid Howellsifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES)) 137f0e6d220SDavid Howells$(info X.509 certificate list changed) 138f0e6d220SDavid Howells$(shell rm $(obj)/.x509.list) 139f0e6d220SDavid Howellsendif 140f0e6d220SDavid Howellsendif 141631cc66eSDavid Howells 142b56e5a17SDavid Howellskernel/system_certificates.o: $(obj)/x509_certificate_list 143f0e6d220SDavid Howells 144f0e6d220SDavid Howellsquiet_cmd_x509certs = CERTS $@ 145b56e5a17SDavid Howells cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)") 146b56e5a17SDavid Howells 147f0e6d220SDavid Howellstargets += $(obj)/x509_certificate_list 148f0e6d220SDavid Howells$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list 149f0e6d220SDavid Howells $(call if_changed,x509certs) 150f0e6d220SDavid Howells 151f0e6d220SDavid Howellstargets += $(obj)/.x509.list 152f0e6d220SDavid Howells$(obj)/.x509.list: 153f0e6d220SDavid Howells @echo $(X509_CERTIFICATES) >$@ 154f46a3cbbSKirill Tkhaiendif 155f0e6d220SDavid Howells 156f0e6d220SDavid Howellsclean-files := x509_certificate_list .x509.list 157d441108cSDavid Howells 158bdc80787SH. Peter Anvinifeq ($(CONFIG_MODULE_SIG),y) 159d441108cSDavid Howells############################################################################### 160d441108cSDavid Howells# 161d441108cSDavid Howells# If module signing is requested, say by allyesconfig, but a key has not been 162d441108cSDavid Howells# supplied, then one will need to be generated to make sure the build does not 163d441108cSDavid Howells# fail and that the kernel may be used afterwards. 164d441108cSDavid Howells# 165d441108cSDavid Howells############################################################################### 16622753674SMichal Marekifndef CONFIG_MODULE_SIG_HASH 1675e8cb1e4SDavid Howells$(error Could not determine digest type to use from kernel config) 1685e8cb1e4SDavid Howellsendif 1695e8cb1e4SDavid Howells 170d441108cSDavid Howellssigning_key.priv signing_key.x509: x509.genkey 171d441108cSDavid Howells @echo "###" 172d441108cSDavid Howells @echo "### Now generating an X.509 key pair to be used for signing modules." 173d441108cSDavid Howells @echo "###" 174d441108cSDavid Howells @echo "### If this takes a long time, you might wish to run rngd in the" 175d441108cSDavid Howells @echo "### background to keep the supply of entropy topped up. It" 1762008713cSH. Peter Anvin @echo "### needs to be run as root, and uses a hardware random" 1772008713cSH. Peter Anvin @echo "### number generator if one is available." 178d441108cSDavid Howells @echo "###" 17922753674SMichal Marek openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 18022753674SMichal Marek -batch -x509 -config x509.genkey \ 181d441108cSDavid Howells -outform DER -out signing_key.x509 \ 18207c449bbSDavid Cohen -keyout signing_key.priv 2>&1 183d441108cSDavid Howells @echo "###" 184d441108cSDavid Howells @echo "### Key pair generated." 185d441108cSDavid Howells @echo "###" 186d441108cSDavid Howells 187d441108cSDavid Howellsx509.genkey: 188d441108cSDavid Howells @echo Generating X.509 key generation config 189d441108cSDavid Howells @echo >x509.genkey "[ req ]" 190d441108cSDavid Howells @echo >>x509.genkey "default_bits = 4096" 191d441108cSDavid Howells @echo >>x509.genkey "distinguished_name = req_distinguished_name" 192d441108cSDavid Howells @echo >>x509.genkey "prompt = no" 193e7d113bcSDavid Howells @echo >>x509.genkey "string_mask = utf8only" 194d441108cSDavid Howells @echo >>x509.genkey "x509_extensions = myexts" 195d441108cSDavid Howells @echo >>x509.genkey 196d441108cSDavid Howells @echo >>x509.genkey "[ req_distinguished_name ]" 197d441108cSDavid Howells @echo >>x509.genkey "O = Magrathea" 198d441108cSDavid Howells @echo >>x509.genkey "CN = Glacier signing key" 199d441108cSDavid Howells @echo >>x509.genkey "emailAddress = slartibartfast@magrathea.h2g2" 200d441108cSDavid Howells @echo >>x509.genkey 201d441108cSDavid Howells @echo >>x509.genkey "[ myexts ]" 202d441108cSDavid Howells @echo >>x509.genkey "basicConstraints=critical,CA:FALSE" 203d441108cSDavid Howells @echo >>x509.genkey "keyUsage=digitalSignature" 204d441108cSDavid Howells @echo >>x509.genkey "subjectKeyIdentifier=hash" 205d441108cSDavid Howells @echo >>x509.genkey "authorityKeyIdentifier=keyid" 206d441108cSDavid Howellsendif 207