aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Marek <mmarek@suse.cz>2013-01-24 22:11:31 -0500
committerRusty Russell <rusty@rustcorp.com.au>2013-01-25 01:25:37 -0500
commitd9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
treed2d9721c2e64a941f22a7c4a4611a53155d9ec36
parent1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
MODSIGN: Add option to not sign modules during modules_install
To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
-rw-r--r--Makefile2
-rw-r--r--init/Kconfig11
2 files changed, 12 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 77ea707d8543..8e9f9efc5b39 100644
--- a/Makefile
+++ b/Makefile
@@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP
719export mod_strip_cmd 719export mod_strip_cmd
720 720
721 721
722ifeq ($(CONFIG_MODULE_SIG),y) 722ifdef CONFIG_MODULE_SIG_ALL
723MODSECKEY = ./signing_key.priv 723MODSECKEY = ./signing_key.priv
724MODPUBKEY = ./signing_key.x509 724MODPUBKEY = ./signing_key.x509
725export MODPUBKEY 725export MODPUBKEY
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1321c5..88f334fb403b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
1665 Reject unsigned modules or signed modules for which we don't have a 1665 Reject unsigned modules or signed modules for which we don't have a
1666 key. Without this, such modules will simply taint the kernel. 1666 key. Without this, such modules will simply taint the kernel.
1667 1667
1668config MODULE_SIG_ALL
1669 bool "Automatically sign all modules"
1670 default y
1671 depends on MODULE_SIG
1672 help
1673 Sign all modules during make modules_install. Without this option,
1674 modules must be signed manually, using the scripts/sign-file tool.
1675
1676comment "Do not forget to sign required modules with scripts/sign-file"
1677 depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
1678
1668choice 1679choice
1669 prompt "Which hash algorithm should modules be signed with?" 1680 prompt "Which hash algorithm should modules be signed with?"
1670 depends on MODULE_SIG 1681 depends on MODULE_SIG