secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES

2 files changed, 6 insertions, 3 deletions

diff --git a/kernel.spec b/kernel.spec
index b8bf94154..9b3a39190 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 4
+%global baserelease 5
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -2314,6 +2314,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com>
+- secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
+
 * Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com>
 - Adjust secure boot modsign patch
 
diff --git a/secure-boot-20120924.patch b/secure-boot-20120924.patch
index 3f9bdc2f3..54825efe6 100644
--- a/secure-boot-20120924.patch
+++ b/secure-boot-20120924.patch
@@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644
  				     0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
  }
  
-+#ifdef CONFIG_MODULES
++#ifdef CONFIG_MODULE_SIG
 +extern bool sig_enforce;
 +#endif
 +
@@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644
  	pr_info("Secure boot enabled\n");
  	cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
  	cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
-+#ifdef CONFIG_MODULES
++#ifdef CONFIG_MODULE_SIG
 +	/* Enable module signature enforcing */
 +	sig_enforce = true;
 +#endif