mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-07 16:59:28 +00:00
Code Issues Projects Releases Wiki Activity

linux: add support for kernel modules signing

Browse Source 
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
This commit is contained in:
Dmitry Eremin-Solenikov
2019-07-28 18:31:50 +03:00
committed by Armin Kuster
parent 79bc2559fe
commit eebe0ff18a
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-integrity/recipes-kernel/linux/linux-%.bbappend
+3
View File
@@ -1,3 +1,6 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}" SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' file://modsign.scc file://modsign.cfg', '', d)}"
inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
meta-integrity/recipes-kernel/linux/linux/modsign.cfg
+5
View File
@@ -0,0 +1,5 @@
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_SHA256=y
CONFIG_MODULE_SIG_HASH="sha256"
CONFIG_MODULE_SIG_KEY="modsign_key.pem"
meta-integrity/recipes-kernel/linux/linux/modsign.scc
+4
View File
@@ -0,0 +1,4 @@
define KFEATURE_DESCRIPTION "Kernel Module Signing (modsign) enablement"
define KFEATURE_COMPATIBILITY all
kconf non-hardware modsign.cfg