On Sat, Apr 30, 2016 at 08:51:25PM +0000, Debian Bug Tracking System wrote:
> You wrote:
> [...]
> > Should I remove CONFIG_SYSTEM_TRUSTED_KEYS from .config before building
> > the kernel? I hope not.
> [...]
>
> Yes, you must do that. Your custom kernel configuration should be
> based on the appropriate file provided in linux-source-4.5. These have
> the CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
> CONFIG_SYSTEM_TRUSTED_KEYS settings removed so that custom kernels will
> get modules signed by a one-time key.
If I have to remove CONFIG_SYSTEM_TRUSTED_KEYS by hand, then
documentation is wrong.
This is from README, which is included in linux-source-4.5:
"make localmodconfig" Create a config based on current config and
loaded modules (lsmod). Disables any module
option that is not needed for the loaded modules.
============> To create a localmodconfig for another machine,
store the lsmod of that machine into a file
and pass it in as a LSMOD parameter.
target$ lsmod > /tmp/mylsmod
target$ scp /tmp/mylsmod host:/tmp
host$ make LSMOD=/tmp/mylsmod localmodconfig
The above also works when cross compiling.
So, this recipe is no longer valid.
How is this not a documentation bug?
