review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Bruno E. O. Meneguele <brdeoliv@redhat.com>
	Tue, 24 Oct 2017 17:37:00 +0000 (15:37 -0200)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Wed, 8 Nov 2017 20:16:36 +0000 (15:16 -0500)
commit	fda784e50aace694ec2e4e16e2de07b91a938563
tree	c3df3df519da44cda091f23764425cae97715d26	tree \| snapshot
parent	ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee	commit \| diff

module: export module signature enforcement status

A static variable sig_enforce is used as status var to indicate the real
value of CONFIG_MODULE_SIG_FORCE, once this one is set the var will hold
true, but if the CONFIG is not set the status var will hold whatever
value is present in the module.sig_enforce kernel cmdline param: true
when =1 and false when =0 or not present.

Considering this cmdline param take place over the CONFIG value when
it's not set, other places in the kernel could misbehave since they
would have only the CONFIG_MODULE_SIG_FORCE value to rely on. Exporting
this status var allows the kernel to rely in the effective value of
module signature enforcement, being it from CONFIG value or cmdline
param.

Signed-off-by: Bruno E. O. Meneguele <brdeoliv@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

include/linux/module.h		diff \| blob \| history
kernel/module.c		diff \| blob \| history