#!/bin/sh

# Generate a self-signed X.509 certificate and private key for kernel module signing.

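# Both output paths are mandatory: $1 receives the PEM certificate (public
# part) and $2 the PEM private key. Bail out with a usage hint otherwise.
if [ -z "$1" ] || [ -z "$2" ]; then
	# Diagnostics belong on stderr so they never mix with captured stdout.
	echo "usage: kmod-gen-cert public-key-filename.pem private-key-filename.pem" >&2
	exit 1
fi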

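# Scratch file for the OpenSSL request configuration. It is created in the
# current directory, so the name never contains whitespace. Six trailing X's
# are used because mktemp implementations built on mkstemp(3) reject shorter
# templates. Stop immediately if the file cannot be created: continuing with
# an empty $config would make the later redirect and the -config option fail
# in confusing ways.
config=$(mktemp kmod-sign.XXXXXX) || {
	echo "kmod-gen-cert: cannot create temporary config file" >&2
	exit 1
}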

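# Cleanup handler: removes the temporary OpenSSL config file named by the
# global $config and exits with the status that was current when the handler
# was entered.
# Globals: config (read), RETVAL (written)
Exit()
{
        # Must be the first statement: any later command would overwrite $?.
        RETVAL=$?
        # Disarm the EXIT trap so the 'exit' below does not re-enter this handler.
        trap '' EXIT
        # Quote the path and end option parsing so an unusual file name is
        # removed as exactly one operand; skip the call if no file was created.
        if [ -n "$config" ]; then
                rm -f -- "$config"
        fi
        exit "$RETVAL"
}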

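# Run the cleanup handler on normal exit and on the usual terminating signals.
# Signal names are given without the SIG prefix: POSIX leaves the prefixed
# form undefined for trap, and some /bin/sh implementations reject it, which
# would leave the temporary file behind.
trap Exit HUP PIPE INT TERM EXIT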



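# Write the OpenSSL request configuration:
#   [ req ]    4096-bit key, subject taken from this file with no prompting,
#              UTF-8 only strings, certificate extensions from [ myexts ].
#   [ myexts ] end-entity certificate (CA:FALSE, marked critical) whose key
#              usage is limited to digitalSignature, with subject and
#              authority key identifiers included.
# The delimiter is quoted so the shell copies the text literally, with no
# parameter or command expansion; the redirect target is quoted as well.
cat >"$config" <<'_EOF_'
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = Build time autogenerated kernel key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
_EOF_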

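# Create the key pair and a self-signed certificate in one step:
#   -new -x509    emit a self-signed certificate rather than a request
#   -nodes        write the private key WITHOUT passphrase encryption
#   -sha256       digest used for the certificate signature
#   -days 36500   validity of roughly 100 years
#   -batch        never prompt; everything comes from the config file
#   -out "$1"     certificate (PEM), -keyout "$2" private key (PEM)
# NOTE(review): because of -nodes the signing key is stored in the clear.
# Its file mode is decided by openssl and the caller's umask, which this
# script does not set; confirm the key is readable only by the build user
# and is not shipped in build artifacts.
# All paths are quoted so names containing spaces or glob characters are
# passed to openssl as single arguments.
openssl req -new -nodes -utf8 -sha256 -days 36500 \
                -batch -x509 -config "$config" \
                -outform PEM -out "$1" \
                -keyout "$2"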

