[linux-yocto] [PATCH 1/1] features/module-signing: add new feature
Anuj Mittal
anuj.mittal at intel.com
Sun Nov 4 22:38:08 PST 2018
Add feature to enable signing of modules. If signing is to be forced,
force-signing should be included, else signing.scc.
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
features/module-signing/force-signing.cfg | 1 +
features/module-signing/force-signing.scc | 6 ++++++
features/module-signing/signing.cfg | 4 ++++
features/module-signing/signing.scc | 4 ++++
4 files changed, 15 insertions(+)
create mode 100644 features/module-signing/force-signing.cfg
create mode 100644 features/module-signing/force-signing.scc
create mode 100644 features/module-signing/signing.cfg
create mode 100644 features/module-signing/signing.scc
diff --git a/features/module-signing/force-signing.cfg b/features/module-signing/force-signing.cfg
new file mode 100644
index 00000000..2bb17459
--- /dev/null
+++ b/features/module-signing/force-signing.cfg
@@ -0,0 +1 @@
+CONFIG_MODULE_SIG_FORCE=y
diff --git a/features/module-signing/force-signing.scc b/features/module-signing/force-signing.scc
new file mode 100644
index 00000000..ec8032a6
--- /dev/null
+++ b/features/module-signing/force-signing.scc
@@ -0,0 +1,6 @@
+define KFEATURE_DESCRIPTION "Reject unsigned modules or signed modules for which we don't have a key."
+define KFEATURE_COMPATIBILITY all
+
+include signing.scc
+
+kconf non-hardware force-signing.cfg
diff --git a/features/module-signing/signing.cfg b/features/module-signing/signing.cfg
new file mode 100644
index 00000000..9d861d0a
--- /dev/null
+++ b/features/module-signing/signing.cfg
@@ -0,0 +1,4 @@
+CONFIG_MODULE_SIG=y
+
+# Enable default hash algorithm to be SHA512
+CONFIG_MODULE_SIG_SHA512=y
diff --git a/features/module-signing/signing.scc b/features/module-signing/signing.scc
new file mode 100644
index 00000000..b9412f63
--- /dev/null
+++ b/features/module-signing/signing.scc
@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "Enable module signing in kernel"
+define KFEATURE_COMPATIBILITY all
+
+kconf non-hardware signing.cfg
--
2.17.1
More information about the linux-yocto
mailing list