summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Marek <mmarek@suse.cz>2013-01-25 13:41:31 +1030
committerRusty Russell <rusty@rustcorp.com.au>2013-01-25 16:55:37 +1030
commitd9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
treed2d9721c2e64a941f22a7c4a4611a53155d9ec36
parent1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
downloadop-kernel-dev-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.zip
op-kernel-dev-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.tar.gz
MODSIGN: Add option to not sign modules during modules_install
To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-rw-r--r--Makefile2
-rw-r--r--init/Kconfig11
2 files changed, 12 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 77ea707..8e9f9ef 100644
--- a/Makefile
+++ b/Makefile
@@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP
export mod_strip_cmd
-ifeq ($(CONFIG_MODULE_SIG),y)
+ifdef CONFIG_MODULE_SIG_ALL
MODSECKEY = ./signing_key.priv
MODPUBKEY = ./signing_key.x509
export MODPUBKEY
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1..88f334f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
+config MODULE_SIG_ALL
+ bool "Automatically sign all modules"
+ default y
+ depends on MODULE_SIG
+ help
+ Sign all modules during make modules_install. Without this option,
+ modules must be signed manually, using the scripts/sign-file tool.
+
+comment "Do not forget to sign required modules with scripts/sign-file"
+ depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
OpenPOWER on IntegriCloud