Add feature to enable signing of modules. If signing is to be forced, force-signing should be included, else signing.scc.
Signed-off-by: Anuj Mittal <anuj.mit...@intel.com> --- features/module-signing/force-signing.cfg | 1 + features/module-signing/force-signing.scc | 6 ++++++ features/module-signing/signing.cfg | 4 ++++ features/module-signing/signing.scc | 4 ++++ 4 files changed, 15 insertions(+) create mode 100644 features/module-signing/force-signing.cfg create mode 100644 features/module-signing/force-signing.scc create mode 100644 features/module-signing/signing.cfg create mode 100644 features/module-signing/signing.scc diff --git a/features/module-signing/force-signing.cfg b/features/module-signing/force-signing.cfg new file mode 100644 index 00000000..2bb17459 --- /dev/null +++ b/features/module-signing/force-signing.cfg @@ -0,0 +1 @@ +CONFIG_MODULE_SIG_FORCE=y diff --git a/features/module-signing/force-signing.scc b/features/module-signing/force-signing.scc new file mode 100644 index 00000000..ec8032a6 --- /dev/null +++ b/features/module-signing/force-signing.scc @@ -0,0 +1,6 @@ +define KFEATURE_DESCRIPTION "Reject unsigned modules or signed modules for which we don't have a key." +define KFEATURE_COMPATIBILITY all + +include signing.scc + +kconf non-hardware force-signing.cfg diff --git a/features/module-signing/signing.cfg b/features/module-signing/signing.cfg new file mode 100644 index 00000000..9d861d0a --- /dev/null +++ b/features/module-signing/signing.cfg @@ -0,0 +1,4 @@ +CONFIG_MODULE_SIG=y + +# Enable default hash algorithm to be SHA512 +CONFIG_MODULE_SIG_SHA512=y diff --git a/features/module-signing/signing.scc b/features/module-signing/signing.scc new file mode 100644 index 00000000..b9412f63 --- /dev/null +++ b/features/module-signing/signing.scc @@ -0,0 +1,4 @@ +define KFEATURE_DESCRIPTION "Enable module signing in kernel" +define KFEATURE_COMPATIBILITY all + +kconf non-hardware signing.cfg -- 2.17.1 -- _______________________________________________ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto