[PATCH 1/2] UBUNTU: [Debian] Suppress module signing for staging drivers

Robert Hooker sarvatt at ubuntu.com
Fri Dec 2 11:56:28 UTC 2016


I still have some doubts about RTS5208 also not loading potentially
screwing up OEM systems but that will show up later and this newer 2
patch series is

Acked-by: Robert Hooker <robert.hooker at canonical.com>

On Wed, Nov 30, 2016 at 3:33 PM, Tim Gardner <tim.gardner at canonical.com> wrote:
> BugLink: http://bugs.launchpad.net/bugs/1642368
>
> Prevent staging drivers from being loadable in a secure boot environment.
>
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
>  drivers/staging/signature-inclusion | 5 +++++
>  scripts/Makefile.modinst            | 7 +++++--
>  2 files changed, 10 insertions(+), 2 deletions(-)
>  create mode 100644 drivers/staging/signature-inclusion
>
> diff --git a/drivers/staging/signature-inclusion b/drivers/staging/signature-inclusion
> new file mode 100644
> index 0000000..c34f191
> --- /dev/null
> +++ b/drivers/staging/signature-inclusion
> @@ -0,0 +1,5 @@
> +#
> +# This file lists the staging drivers that are safe for signing
> +# and loading in a secure boot environment with signed module enforcement.
> +#
> +
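Review bot: the header comment in signature-inclusion does not say what form an entry must take, and the only consumer visible in this patch compares whole lines of the file against "$(2)/$(notdir $@)" with egrep -x. Going by the `cp $@ $(2)` context line, that is the install destination path, not a path inside the source tree. Please document the expected entry format in this comment block (one entry per line, and what the path is relative to), so that a driver added later produces a line that actually matches.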
> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
> index 07650ee..0f7b7cb 100644
> --- a/scripts/Makefile.modinst
> +++ b/scripts/Makefile.modinst
> @@ -22,8 +22,11 @@ quiet_cmd_modules_install = INSTALL $@
>      mkdir -p $(2) ; \
>      cp $@ $(2) ; \
>      $(mod_strip_cmd) $(2)/$(notdir $@) ; \
> -    $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
> -    $(mod_compress_cmd) $(2)/$(notdir $@)
> +    if (echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/") && \
> +       (! egrep -x "$(2)/$(notdir $@)" $(CURDIR)/drivers/staging/signature-inclusion) ; \
> +       then echo Not signing "$(2)/$(notdir $@)"; \
> +       else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
> +               $(mod_compress_cmd) $(2)/$(notdir $@); fi
>
>  # Modules built outside the kernel source tree go into extra by default
>  INSTALL_MOD_DIR ?= extra
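Review bot: in the new if/else, $(mod_compress_cmd) appears only in the else branch, so a staging module that is skipped for signing is also never compressed, whereas before this change compression followed signing for every installed module. If only signing is meant to be suppressed, move the compress command after `fi` or run it in both branches. Two smaller points on the second egrep: without -q it prints any matching line into the install output, and the module path is passed as a regular expression, so the dots in it match any character; `grep -q -x -F` would make it a quiet, literal whole-line comparison. The pattern also includes $(2), so whether an entry in signature-inclusion matches depends on the install destination in effect at build time.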
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team