From 393a84a43a0d3525ad6a87ceca04ea762b7384f1 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Sat, 6 Oct 2012 08:53:08 -0400
Subject: [PATCH] secure boot modsign depends on CONFIG_MODULE_SIG not
 CONFIG_MODULES

---
 kernel.spec                | 5 ++++-
 secure-boot-20120924.patch | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index b8bf94154..9b3a39190 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 4
+%global baserelease 5
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -2314,6 +2314,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com>
+- secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
+
 * Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com>
 - Adjust secure boot modsign patch
 
diff --git a/secure-boot-20120924.patch b/secure-boot-20120924.patch
index 3f9bdc2f3..54825efe6 100644
--- a/secure-boot-20120924.patch
+++ b/secure-boot-20120924.patch
@@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644
  				     0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
  }
  
-+#ifdef CONFIG_MODULES
++#ifdef CONFIG_MODULE_SIG
 +extern bool sig_enforce;
 +#endif
 +
@@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644
  	pr_info("Secure boot enabled\n");
  	cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
  	cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
-+#ifdef CONFIG_MODULES
++#ifdef CONFIG_MODULE_SIG
 +	/* Enable module signature enforcing */
 +	sig_enforce = true;
 +#endif