MODSIGN: Add option to not sign modules during modules_install

To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
author: Michal Marek 2013-01-24 21:11:31 -0600
committer: Rusty Russell 2013-01-25 00:25:37 -0600
commit: d9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
tree: d2d9721c2e64a941f22a7c4a4611a53155d9ec36 /init
parent: 1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
download: am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.tar.gz
am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.tar.xz
am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1321c..88f334fb403 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
          Reject unsigned modules or signed modules for which we don't have a
          key.  Without this, such modules will simply taint the kernel.
+config MODULE_SIG_ALL
+        bool "Automatically sign all modules"
+        default y
+        depends on MODULE_SIG
+        help
+          Sign all modules during make modules_install. Without this option,
+          modules must be signed manually, using the scripts/sign-file tool.
+comment "Do not forget to sign required modules with scripts/sign-file"
+        depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
 choice
        prompt "Which hash algorithm should modules be signed with?"
        depends on MODULE_SIG
author	Michal Marek	2013-01-24 21:11:31 -0600
committer	Rusty Russell	2013-01-25 00:25:37 -0600
commit	d9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
tree	d2d9721c2e64a941f22a7c4a4611a53155d9ec36 /init
parent	1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
download	am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.tar.gz am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.tar.xz am43-linux-kernel-d9d8d7ed498ec65bea72dd24be7b9cd35af0c200.zip

diff --git a/init/Kconfig b/init/Kconfig index fff4cb1321c..88f334fb403 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
1665	Reject unsigned modules or signed modules for which we don't have a	1665	Reject unsigned modules or signed modules for which we don't have a
1666	key. Without this, such modules will simply taint the kernel.	1666	key. Without this, such modules will simply taint the kernel.
1667		1667
		1668	config MODULE_SIG_ALL
		1669	bool "Automatically sign all modules"
		1670	default y
		1671	depends on MODULE_SIG
		1672	help
		1673	Sign all modules during make modules_install. Without this option,
		1674	modules must be signed manually, using the scripts/sign-file tool.
		1675
		1676	comment "Do not forget to sign required modules with scripts/sign-file"
		1677	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
		1678
1668	choice	1679	choice
1669	prompt "Which hash algorithm should modules be signed with?"	1680	prompt "Which hash algorithm should modules be signed with?"
1670	depends on MODULE_SIG	1681	depends on MODULE_SIG