Use and enforce kernel module signing We use a build time generated key, as we never care about building additional kernel modules to load. For added security, as part of your build process, you should erase this build artifact. Fixes: https://github.com/open-power/op-build/issues/525 Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

commit: 034ff11c71f3ea49186781543dd3b6e88b191996 [log] [tgz]
author: Stewart Smith <stewart@linux.vnet.ibm.com> Fri Mar 10 11:56:22 2017 +1100
committer: Stewart Smith <stewart@linux.vnet.ibm.com> Fri Mar 10 11:57:10 2017 +1100
tree: 9d89b8b2c079d002a0ade12012061f64e31c8227
parent: 333c9b668edc0dc01ded8de88709a1c0c634a538 [diff]
diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig
index c85fd6a..e72fc34 100644
--- a/openpower/configs/linux/skiroot_defconfig
+++ b/openpower/configs/linux/skiroot_defconfig

@@ -31,6 +31,9 @@
 CONFIG_JUMP_LABEL=y
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_SHA512=y
 CONFIG_PARTITION_ADVANCED=y
 # CONFIG_IOSCHED_DEADLINE is not set
 # CONFIG_PPC_PSERIES is not set
commit	034ff11c71f3ea49186781543dd3b6e88b191996	[log] [tgz]
author	Stewart Smith <stewart@linux.vnet.ibm.com>	Fri Mar 10 11:56:22 2017 +1100
committer	Stewart Smith <stewart@linux.vnet.ibm.com>	Fri Mar 10 11:57:10 2017 +1100
tree	9d89b8b2c079d002a0ade12012061f64e31c8227
parent	333c9b668edc0dc01ded8de88709a1c0c634a538 [diff]