[PATCH Xenial SRU] UBUNTU: [Debian] Suppress module signing for staging drivers
Stefan Bader
stefan.bader at canonical.com
Mon Nov 21 10:23:58 UTC 2016
On 16.11.2016 21:04, Tim Gardner wrote:
> BugLink: http://bugs.launchpad.net/bugs/1642368
>
> Prevent staging drivers from being loadable in a secure boot environment.
Hm, while I can see the reasoning from a security point of view, there are
several network/wireless drivers under staging which might be required for
laptops which in turn are most likely to have secure boot turned on. Isn't the
risk of regression just too high for SRU?
-Stefan
>
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> scripts/Makefile.modinst | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
> index 07650ee..c03a32b 100644
> --- a/scripts/Makefile.modinst
> +++ b/scripts/Makefile.modinst
> @@ -22,8 +22,10 @@ quiet_cmd_modules_install = INSTALL $@
> mkdir -p $(2) ; \
> cp $@ $(2) ; \
> $(mod_strip_cmd) $(2)/$(notdir $@) ; \
> - $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
> - $(mod_compress_cmd) $(2)/$(notdir $@)
> + if echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/" ; \
> + then echo Not signing "$(2)/$(notdir $@)"; \
> + else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
> + $(mod_compress_cmd) $(2)/$(notdir $@); fi
>
> # Modules built outside the kernel source tree go into extra by default
> INSTALL_MOD_DIR ?= extra
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20161121/a7a7b4c7/attachment.sig>
More information about the kernel-team
mailing list