> On Nov 25, 2016, at 4:06 AM, David Howells <dhowe...@redhat.com> wrote: > > Mehmet Kayaalp <mkaya...@linux.vnet.ibm.com> wrote: > >> Include a random filled binary in vmlinux at the space reserved with >> CONFIG_SYSTEM_EXTRA_CERTIFICATE. This results in an uncompressed reserved >> area inside the bzImage as well, so that it can be replaced with an actual >> certificate later (after the bzImage is distributed). > > You haven't said *why* you need an incompressible buffer. I presume it's > something to do with the decompression wrapper. >
After you replace zeroes with a certificate and compress again, the image size increases. Then, repackaging the bzImage becomes difficult. >From the commit message of 3/4: > This patch adds the capability of extracting the > vmlinux, inserting the certificate, and repackaging the result into a > bzImage. > > It only works if the resulting compressed vmlinux is smaller than the > original. Otherwise re-linking would be required. To make the reserved > space allocate actual space in bzImage, incompressible bytes are > inserted into the vmlinux as a placeholder for the extra certificate. Mehmet
