diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-26 00:41:43 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-26 00:41:43 +0100 |
commit | 9043a2650cd21f96f831a97f516c2c302e21fb70 (patch) | |
tree | 926720afb0acc7bad8cfcae537dc58de552f9249 /init/Kconfig | |
parent | Merge tag 'mfd-3.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/... (diff) | |
parent | MODSIGN: Add option to not sign modules during modules_install (diff) | |
download | linux-9043a2650cd21f96f831a97f516c2c302e21fb70.tar.xz linux-9043a2650cd21f96f831a97f516c2c302e21fb70.zip |
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module update from Rusty Russell:
"The sweeping change is to make add_taint() explicitly indicate whether
to disable lockdep, but it's a mechanical change."
* tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
MODSIGN: Add option to not sign modules during modules_install
MODSIGN: Add -s <signature> option to sign-file
MODSIGN: Specify the hash algorithm on sign-file command line
MODSIGN: Simplify Makefile with a Kconfig helper
module: clean up load_module a little more.
modpost: Ignore ARC specific non-alloc sections
module: constify within_module_*
taint: add explicit flag to show whether lock dep is still OK.
module: printk message when module signature fail taints kernel.
Diffstat (limited to 'init/Kconfig')
-rw-r--r-- | init/Kconfig | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 28c5b9dcc91e..968c539f0ac3 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1670,6 +1670,17 @@ config MODULE_SIG_FORCE Reject unsigned modules or signed modules for which we don't have a key. Without this, such modules will simply taint the kernel. +config MODULE_SIG_ALL + bool "Automatically sign all modules" + default y + depends on MODULE_SIG + help + Sign all modules during make modules_install. Without this option, + modules must be signed manually, using the scripts/sign-file tool. + +comment "Do not forget to sign required modules with scripts/sign-file" + depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL + choice prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG @@ -1702,6 +1713,15 @@ config MODULE_SIG_SHA512 endchoice +config MODULE_SIG_HASH + string + depends on MODULE_SIG + default "sha1" if MODULE_SIG_SHA1 + default "sha224" if MODULE_SIG_SHA224 + default "sha256" if MODULE_SIG_SHA256 + default "sha384" if MODULE_SIG_SHA384 + default "sha512" if MODULE_SIG_SHA512 + endif # MODULES config INIT_ALL_POSSIBLE |