diff mbox

[Xenial,SRU] UBUNTU: [Debian] Suppress module signing for staging drivers

Message ID 1479325245-18140-1-git-send-email-tim.gardner@canonical.com
State New
Headers show

Commit Message

Tim Gardner Nov. 16, 2016, 7:40 p.m. UTC 
BugLink: http://bugs.launchpad.net/bugs/1642368

Prevent staging drivers from being loadable in a secure boot environment.

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 scripts/Makefile.modinst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Marcelo Henrique Cerri Nov. 17, 2016, 12:17 p.m. UTC | #1
diff mbox

Patch

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index 07650ee..c03a32b 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -22,8 +22,10 @@  quiet_cmd_modules_install = INSTALL $@
     mkdir -p $(2) ; \
     cp $@ $(2) ; \
     $(mod_strip_cmd) $(2)/$(notdir $@) ; \
-    $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
-    $(mod_compress_cmd) $(2)/$(notdir $@)
+    if echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/" ; \
+	then echo Not signing "$(2)/$(notdir $@)"; \
+	else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
+		$(mod_compress_cmd) $(2)/$(notdir $@); fi
 
 # Modules built outside the kernel source tree go into extra by default
 INSTALL_MOD_DIR ?= extra