|author||Michal Marek <firstname.lastname@example.org>||2013-01-25 13:41:31 +1030|
|committer||Rusty Russell <email@example.com>||2013-01-25 16:55:37 +1030|
MODSIGN: Add option to not sign modules during modules_install
To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <firstname.lastname@example.org> Acked-by: David Howells <email@example.com> Signed-off-by: Rusty Russell <firstname.lastname@example.org>
Diffstat (limited to 'init/Kconfig')
1 files changed, 11 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1321c5..88f334fb403b 100644
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
+ bool "Automatically sign all modules"
+ default y
+ depends on MODULE_SIG
+ Sign all modules during make modules_install. Without this option,
+ modules must be signed manually, using the scripts/sign-file tool.
+comment "Do not forget to sign required modules with scripts/sign-file"
+ depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG