[PATCH 0/3] Use rusty-style signed modules
Josh Boyer
jwboyer at redhat.com
Mon Sep 17 14:00:26 UTC 2012
Hi All,
Following is a brief series to change the F18 kernel over to using the
"Rusty" style signed modules. This takes David's 'modsign-rusty' branch
and applies it in place of the currently used 'modsign' patch set.
There is one notable change I've done, which is to replace David's:
MODSIGN: Sign modules during the build process
patch with a different one. The new patch adds a new 'modules_sign'
make target and allows us to still utilize RPM's debuginfo generation
with signed modules. I've attached just that patch below for closer
review.
To spare people's inboxes, patch 3/3 won't contain the full
modsign-rusty-jwb and secure-boot patchsets. Those can be found here:
http://jwboyer.fedorapeople.org/pub/modsign-rusty-jwb.patch
http://jwboyer.fedorapeople.org/pub/secure-boot-20120830.patch
Most of the overall change in these patches is dealing with moving some
of the modules-extra handling around to make it easier. The rest should
be fairly self-explanatory.
I've tested this on both x86_64 and i686/PAE KVM guests using the kernel
command line options to verify things. The modules are indeed still
signed after install, and the debuginfo seems to still work properly via
gdb in that gdb can find the correct .debug files for modules, etc.
Comments/questions welcome.
josh
---
More information about the kernel
mailing list