MODSIGN: Add option to not sign modules during modules_install

To allow the builder to sign only a subset of modules, or to sign the modules using a key that is not available on the build machine, add CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be signed during build. The default is 'y', to preserve the current behavior. Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
author: Michal Marek <mmarek@suse.cz> 2013-01-25 13:41:31 +1030
committer: Rusty Russell <rusty@rustcorp.com.au> 2013-01-25 16:55:37 +1030
commit: d9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
tree: d2d9721c2e64a941f22a7c4a4611a53155d9ec36 /init/Kconfig
parent: 1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index fff4cb1321c5..88f334fb403b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1665,6 +1665,17 @@ config MODULE_SIG_FORCE
 	  Reject unsigned modules or signed modules for which we don't have a
 	  key.  Without this, such modules will simply taint the kernel.
 
+config MODULE_SIG_ALL
+	bool "Automatically sign all modules"
+	default y
+	depends on MODULE_SIG
+	help
+	  Sign all modules during make modules_install. Without this option,
+	  modules must be signed manually, using the scripts/sign-file tool.
+
+comment "Do not forget to sign required modules with scripts/sign-file"
+	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+
 choice
 	prompt "Which hash algorithm should modules be signed with?"
 	depends on MODULE_SIG
author	Michal Marek <mmarek@suse.cz>	2013-01-25 13:41:31 +1030
committer	Rusty Russell <rusty@rustcorp.com.au>	2013-01-25 16:55:37 +1030
commit	d9d8d7ed498ec65bea72dd24be7b9cd35af0c200 (patch)
tree	d2d9721c2e64a941f22a7c4a4611a53155d9ec36 /init/Kconfig
parent	1c37c054a7493e0537ea3d15a59dac3a0aa63a05 (diff)