summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorMichal Marek <mmarek@suse.cz>2013-01-25 13:41:31 +1030
committerRusty Russell <rusty@rustcorp.com.au>2013-01-25 16:55:37 +1030
commitd9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
treed2d9721c2e64a941f22a7c4a4611a53155d9ec36 /init
parent1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
MODSIGN: Add option to not sign modules during modules_install
To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig11
1 files changed, 11 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1321c..88f334fb403 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
+config MODULE_SIG_ALL
+ bool "Automatically sign all modules"
+ default y
+ depends on MODULE_SIG
+ help
+ Sign all modules during make modules_install. Without this option,
+ modules must be signed manually, using the scripts/sign-file tool.
+
+comment "Do not forget to sign required modules with scripts/sign-file"
+ depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG