[linux-yocto] [PATCH 1/1] features/module-signing: add new feature

Sun, 04 Nov 2018 22:39:01 -0800 

Add feature to enable signing of modules. If signing is to be forced,
force-signing should be included, else signing.scc.

Signed-off-by: Anuj Mittal <anuj.mit...@intel.com>
---
 features/module-signing/force-signing.cfg | 1 +
 features/module-signing/force-signing.scc | 6 ++++++
 features/module-signing/signing.cfg       | 4 ++++
 features/module-signing/signing.scc       | 4 ++++
 4 files changed, 15 insertions(+)
 create mode 100644 features/module-signing/force-signing.cfg
 create mode 100644 features/module-signing/force-signing.scc
 create mode 100644 features/module-signing/signing.cfg
 create mode 100644 features/module-signing/signing.scc

diff --git a/features/module-signing/force-signing.cfg 
b/features/module-signing/force-signing.cfg
new file mode 100644
index 00000000..2bb17459
--- /dev/null
+++ b/features/module-signing/force-signing.cfg
@@ -0,0 +1 @@
+CONFIG_MODULE_SIG_FORCE=y
diff --git a/features/module-signing/force-signing.scc 
b/features/module-signing/force-signing.scc
new file mode 100644
index 00000000..ec8032a6
--- /dev/null
+++ b/features/module-signing/force-signing.scc
@@ -0,0 +1,6 @@
+define KFEATURE_DESCRIPTION "Reject unsigned modules or signed modules for 
which we don't have a key."
+define KFEATURE_COMPATIBILITY all
+
+include signing.scc
+
+kconf non-hardware force-signing.cfg
diff --git a/features/module-signing/signing.cfg 
b/features/module-signing/signing.cfg
new file mode 100644
index 00000000..9d861d0a
--- /dev/null
+++ b/features/module-signing/signing.cfg
@@ -0,0 +1,4 @@
+CONFIG_MODULE_SIG=y
+
+# Enable default hash algorithm to be SHA512
+CONFIG_MODULE_SIG_SHA512=y
diff --git a/features/module-signing/signing.scc 
b/features/module-signing/signing.scc
new file mode 100644
index 00000000..b9412f63
--- /dev/null
+++ b/features/module-signing/signing.scc
@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "Enable module signing in kernel"
+define KFEATURE_COMPATIBILITY all
+
+kconf non-hardware signing.cfg
-- 
2.17.1

-- 
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto

Reply via email to