[linux] 02/03: modules: Enable MODULE_SIG and MODULE_SIG_SHA256
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Apr 3 13:58:21 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch benh/secure-boot
in repository linux.
commit c955e35c32d452b05f5d3c9ccebd6f588b1e90ae
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Apr 3 04:53:27 2016 +0100
modules: Enable MODULE_SIG and MODULE_SIG_SHA256
...but not MODULE_SIG_ALL as signatures will be packaged separately
---
debian/changelog | 3 +++
debian/config/armel/config.marvell | 1 +
debian/config/config | 15 ++++++++-------
debian/templates/control.source.in | 2 +-
4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 728e711..a289718 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,9 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
(Closes: #550379, #573483, #816500)
* Add Matthew Garrett's securelevel patchset in preparation for Secure Boot
support (see Documentation/security/securelevel.txt)
+ * modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
+ as signatures will be packaged separately
+ - debian/control: Add build-dependency on libssl-dev
-- Ben Hutchings <ben at decadent.org.uk> Fri, 25 Mar 2016 13:43:57 +0000
diff --git a/debian/config/armel/config.marvell b/debian/config/armel/config.marvell
index ed9308d..d80a2cc 100644
--- a/debian/config/armel/config.marvell
+++ b/debian/config/armel/config.marvell
@@ -672,6 +672,7 @@ CONFIG_ORION_WATCHDOG=m
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
# CONFIG_PROFILING is not set
+# CONFIG_MODULE_SIG is not set
##
## file: kernel/power/Kconfig
diff --git a/debian/config/config b/debian/config/config
index 9a0daf5..2b826b8 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -56,11 +56,6 @@ CONFIG_EFI_PARTITION=y
# CONFIG_CMDLINE_PARTITION is not set
##
-## file: certs/Kconfig
-##
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
-
-##
## file: crypto/Kconfig
##
CONFIG_CRYPTO=y
@@ -5585,8 +5580,14 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
-#. Not yet
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+#. Signature validation is a run-time option
+# CONFIG_MODULE_SIG_FORCE is not set
+#. Signatures are added in linux-signed
+# CONFIG_MODULE_SIG_ALL is not set
+## choice: Which hash algorithm should modules be signed with?
+CONFIG_MODULE_SIG_SHA256=y
+## end choice
# CONFIG_MODULE_COMPRESS is not set
##
diff --git a/debian/templates/control.source.in b/debian/templates/control.source.in
index ab65421..43677eb 100644
--- a/debian/templates/control.source.in
+++ b/debian/templates/control.source.in
@@ -4,7 +4,7 @@ Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Bastian Blank <waldi at debian.org>, maximilian attems <maks at debian.org>, Ben Hutchings <ben at decadent.org.uk>
Standards-Version: 3.9.5
Build-Depends: debhelper, python3:any, quilt,
- cpio <!stage1>, kmod <!stage1>, xz-utils <!stage1>, kernel-wedge (>= 2.93~) <!stage1>, bc <!stage1>,
+ cpio <!stage1>, kmod <!stage1>, xz-utils <!stage1>, kernel-wedge (>= 2.93~) <!stage1>, bc <!stage1>, libssl-dev <!stage1>, openssl <!stage1>,
asciidoc <!stage1>, bison <!stage1>, flex <!stage1>, gcc-multilib [amd64 ppc64 s390x sparc64] <!stage1>, libaudit-dev <!stage1>, libdw-dev <!stage1>, libelf-dev <!stage1>, libiberty-dev <!stage1> | binutils-dev (<< 2.23.91.20131123-1) <!stage1>, libnewt-dev <!stage1>, libnuma-dev [amd64 arm64 hppa i386 mips mips64 mips64el mipsel powerpc powerpcspe ppc64 ppc64el sparc x32] <!stage1>, libperl-dev <!stage1>, libunwind8-dev [amd64 armel armhf arm64 i386] <!stage1>, python-dev <!stage1>, xm [...]
autoconf <!stage1>, automake <!stage1>, libtool <!stage1>, libglib2.0-dev <!stage1>, libudev-dev <!stage1>, libwrap0-dev <!stage1>, libpci-dev <!stage1>,
dh-python <!stage1>, dh-systemd <!stage1>
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list