secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES

2012-10-06 08:53:08 -04:00 · 2012-10-06 08:53:08 -04:00 · 393a84a43a
commit 393a84a43a
parent ed866e8086
2 changed files with 6 additions and 3 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 4
+%global baserelease 5
 %global fedora_build %{baserelease}
 # base_sublevel is the kernel version we're starting with and patching
@ -2314,6 +2314,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
 * Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com>
 - secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
 * Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com>
 - Adjust secure boot modsign patch
--- a/secure-boot-20120924.patch
+++ b/secure-boot-20120924.patch
@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644
 				     0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
 }
-+#ifdef CONFIG_MODULES
+#ifdef CONFIG_MODULE_SIG
 +extern bool sig_enforce;
 +#endif
 +
@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644
 	pr_info("Secure boot enabled\n");
 	cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
 	cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
-+#ifdef CONFIG_MODULES
+#ifdef CONFIG_MODULE_SIG
 +	/* Enable module signature enforcing */
 +	sig_enforce = true;
 +#endif