提交 d9d8d7ed 编写于 作者: M Michal Marek 提交者: Rusty Russell

MODSIGN: Add option to not sign modules during modules_install

To allow the builder to sign only a subset of modules, or to sign the
modules using a key that is not available on the build machine, add
CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be
signed during build. The default is 'y', to preserve the current
behavior.
Signed-off-by: NMichal Marek <mmarek@suse.cz>
Acked-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
上级 1c37c054
...@@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP ...@@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP
export mod_strip_cmd export mod_strip_cmd
ifeq ($(CONFIG_MODULE_SIG),y) ifdef CONFIG_MODULE_SIG_ALL
MODSECKEY = ./signing_key.priv MODSECKEY = ./signing_key.priv
MODPUBKEY = ./signing_key.x509 MODPUBKEY = ./signing_key.x509
export MODPUBKEY export MODPUBKEY
......
...@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE ...@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel. key. Without this, such modules will simply taint the kernel.
config MODULE_SIG_ALL
bool "Automatically sign all modules"
default y
depends on MODULE_SIG
help
Sign all modules during make modules_install. Without this option,
modules must be signed manually, using the scripts/sign-file tool.
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
choice choice
prompt "Which hash algorithm should modules be signed with?" prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG depends on MODULE_SIG
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册