secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
This commit is contained in:
Josh Boyer
parent
ed866e8086
commit
393a84a43a
2 changed files with 6 additions and 3 deletions
|
|
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 4
|
||||
%global baserelease 5
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -2314,6 +2314,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
|
||||
|
||||
* Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Adjust secure boot modsign patch
|
||||
|
||||
|
|
|
|||
|
|
@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644
|
|||
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_MODULES
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+extern bool sig_enforce;
|
||||
+#endif
|
||||
+
|
||||
|
|
@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644
|
|||
pr_info("Secure boot enabled\n");
|
||||
cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
|
||||
cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
|
||||
+#ifdef CONFIG_MODULES
|
||||
+#ifdef CONFIG_MODULE_SIG
|
||||
+ /* Enable module signature enforcing */
|
||||
+ sig_enforce = true;
|
||||
+#endif
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue