summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-02-26 00:41:43 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2013-02-26 00:41:43 +0100
commit9043a2650cd21f96f831a97f516c2c302e21fb70 (patch)
tree926720afb0acc7bad8cfcae537dc58de552f9249 /init
parentMerge tag 'mfd-3.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/... (diff)
parentMODSIGN: Add option to not sign modules during modules_install (diff)
downloadlinux-9043a2650cd21f96f831a97f516c2c302e21fb70.tar.xz
linux-9043a2650cd21f96f831a97f516c2c302e21fb70.zip
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module update from Rusty Russell: "The sweeping change is to make add_taint() explicitly indicate whether to disable lockdep, but it's a mechanical change." * tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: MODSIGN: Add option to not sign modules during modules_install MODSIGN: Add -s <signature> option to sign-file MODSIGN: Specify the hash algorithm on sign-file command line MODSIGN: Simplify Makefile with a Kconfig helper module: clean up load_module a little more. modpost: Ignore ARC specific non-alloc sections module: constify within_module_* taint: add explicit flag to show whether lock dep is still OK. module: printk message when module signature fail taints kernel.
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig20
1 files changed, 20 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 28c5b9dcc91e..968c539f0ac3 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1670,6 +1670,17 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
+config MODULE_SIG_ALL
+ bool "Automatically sign all modules"
+ default y
+ depends on MODULE_SIG
+ help
+ Sign all modules during make modules_install. Without this option,
+ modules must be signed manually, using the scripts/sign-file tool.
+
+comment "Do not forget to sign required modules with scripts/sign-file"
+ depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
@@ -1702,6 +1713,15 @@ config MODULE_SIG_SHA512
endchoice
+config MODULE_SIG_HASH
+ string
+ depends on MODULE_SIG
+ default "sha1" if MODULE_SIG_SHA1
+ default "sha224" if MODULE_SIG_SHA224
+ default "sha256" if MODULE_SIG_SHA256
+ default "sha384" if MODULE_SIG_SHA384
+ default "sha512" if MODULE_SIG_SHA512
+
endif # MODULES
config INIT_ALL_POSSIBLE