secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
This commit is contained in:
Josh Boyer
parent
ed866e8086
commit
393a84a43a
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
||||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 4
|
||||
%global baserelease 5
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
@ -2314,6 +2314,9 @@ fi
|
||||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
|
||||
|
||||
* Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Adjust secure boot modsign patch
|
||||
|
||||
|
||||
@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644
|
||||
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_MODULES
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern bool sig_enforce;
|
||||
+#endif
|
||||
+
|
||||
@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644
|
||||
pr_info("Secure boot enabled\n");
|
||||
cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
|
||||
cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
|
||||
+#ifdef CONFIG_MODULES
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ /* Enable module signature enforcing */
|
||||
+ sig_enforce = true;
|
||||
+#endif
|
||||
|
||||
Loading…
Reference in New Issue
Block a user