diff options
author | Josh Boyer <jwboyer@redhat.com> | 2012-10-06 08:53:08 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@redhat.com> | 2012-10-06 08:53:30 -0400 |
commit | 393a84a43a0d3525ad6a87ceca04ea762b7384f1 (patch) | |
tree | 14a70ed0e9f85303fa4bca2f8d94ce98abbfda90 | |
parent | ed866e80868ed770e5bf9e7470b32e073627fa5c (diff) | |
download | kernel-393a84a43a0d3525ad6a87ceca04ea762b7384f1.tar.gz kernel-393a84a43a0d3525ad6a87ceca04ea762b7384f1.tar.xz kernel-393a84a43a0d3525ad6a87ceca04ea762b7384f1.zip |
secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES
-rw-r--r-- | kernel.spec | 5 | ||||
-rw-r--r-- | secure-boot-20120924.patch | 4 |
2 files changed, 6 insertions, 3 deletions
diff --git a/kernel.spec b/kernel.spec index b8bf94154..9b3a39190 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 4 +%global baserelease 5 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -2314,6 +2314,9 @@ fi # ||----w | # || || %changelog +* Sat Oct 06 2012 Josh Boyer <jwboyer@redhat.com> +- secure boot modsign depends on CONFIG_MODULE_SIG not CONFIG_MODULES + * Fri Oct 05 2012 Josh Boyer <jwboyer@redhat.com> - Adjust secure boot modsign patch diff --git a/secure-boot-20120924.patch b/secure-boot-20120924.patch index 3f9bdc2f3..54825efe6 100644 --- a/secure-boot-20120924.patch +++ b/secure-boot-20120924.patch @@ -676,7 +676,7 @@ index 7e6e83f..2b0b980 100644 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); } -+#ifdef CONFIG_MODULES ++#ifdef CONFIG_MODULE_SIG +extern bool sig_enforce; +#endif + @@ -685,7 +685,7 @@ index 7e6e83f..2b0b980 100644 pr_info("Secure boot enabled\n"); cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL); cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL); -+#ifdef CONFIG_MODULES ++#ifdef CONFIG_MODULE_SIG + /* Enable module signature enforcing */ + sig_enforce = true; +#endif |