linux: add support for kernel modules signing

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

meta-integrity/recipes-kernel/linux/linux-%.bbappend

@@ -1,3 +1,6 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
 
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' file://modsign.scc file://modsign.cfg', '', d)}"
+
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}

meta-integrity/recipes-kernel/linux/linux/modsign.cfg

@@ -0,0 +1,5 @@
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_SHA256=y
+CONFIG_MODULE_SIG_HASH="sha256"
+CONFIG_MODULE_SIG_KEY="modsign_key.pem"

meta-integrity/recipes-kernel/linux/linux/modsign.scc

@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "Kernel Module Signing (modsign) enablement"
+define KFEATURE_COMPATIBILITY all
+
+kconf non-hardware modsign.cfg