[linux] 02/02: debian/rules.real: Only put vmlinuz in code-sign tarball if it implements SB
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Aug 31 20:41:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch benh/byhand-code-sign
in repository linux.
commit 42910264eb1653c11198d9d06ddce4b4ed557b4a
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Aug 31 21:29:02 2016 +0100
debian/rules.real: Only put vmlinuz in code-sign tarball if it implements SB
We should only get images signed with the archive key if they
implement Secure Boot fully (CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y).
---
debian/rules.real | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/rules.real b/debian/rules.real
index bbdab46..59074f8 100644
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -466,7 +466,9 @@ install-code-sign_$(ARCH):
ifneq ($(wildcard debian/linux-image-*-unsigned),)
{ cd debian; \
for dir in linux-image-*-unsigned; do \
- grep -l '^CONFIG_EFI_STUB=y' $$dir/boot/config-* | sed 's|/config-|/vmlinuz-|'; \
+ grep -l '^CONFIG_EFI_STUB=y' $$dir/boot/config-* | \
+ grep -l '^CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y' | \
+ sed 's|/config-|/vmlinuz-|'; \
find $$dir/lib/modules -name '*.ko'; \
done \
| tar --no-recursion -T - -c --xz -f -; } \
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list