Use and enforce kernel module signing

We use a build time generated key, as we never care about building additional kernel modules to load. For added security, as part of your build process, you should erase this build artifact. Fixes: https://github.com/open-power/op-build/issues/525 Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
author: Stewart Smith <stewart@linux.vnet.ibm.com> 2017-03-10 11:56:22 +1100
committer: Stewart Smith <stewart@linux.vnet.ibm.com> 2017-03-10 11:57:10 +1100
commit: 034ff11c71f3ea49186781543dd3b6e88b191996 (patch)
tree: 9d89b8b2c079d002a0ade12012061f64e31c8227 /openpower/configs/linux
parent: 333c9b668edc0dc01ded8de88709a1c0c634a538 (diff)
download: talos-op-build-034ff11c71f3ea49186781543dd3b6e88b191996.tar.gz
talos-op-build-034ff11c71f3ea49186781543dd3b6e88b191996.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig
index c85fd6af..e72fc347 100644
--- a/openpower/configs/linux/skiroot_defconfig
+++ b/openpower/configs/linux/skiroot_defconfig
@@ -31,6 +31,9 @@ CONFIG_PERF_EVENTS=y
 CONFIG_JUMP_LABEL=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_SHA512=y
 CONFIG_PARTITION_ADVANCED=y
 # CONFIG_IOSCHED_DEADLINE is not set
 # CONFIG_PPC_PSERIES is not set
author	Stewart Smith <stewart@linux.vnet.ibm.com>	2017-03-10 11:56:22 +1100
committer	Stewart Smith <stewart@linux.vnet.ibm.com>	2017-03-10 11:57:10 +1100
commit	034ff11c71f3ea49186781543dd3b6e88b191996 (patch)
tree	9d89b8b2c079d002a0ade12012061f64e31c8227 /openpower/configs/linux
parent	333c9b668edc0dc01ded8de88709a1c0c634a538 (diff)
download	talos-op-build-034ff11c71f3ea49186781543dd3b6e88b191996.tar.gz talos-op-build-034ff11c71f3ea49186781543dd3b6e88b191996.zip