On Thu, Jun 15, 2023 at 9:06 AM Andrew Ammerlaan
<andrewammerl...@gentoo.org> wrote:
> # @FUNCTION: kernel-build_merge_configs
> @@ -270,16 +354,39 @@ kernel-build_merge_configs() {
> local user_configs=( "${BROOT}"/etc/kernel/config.d/*.config )
> shopt -u nullglob
>
> + local merge_configs=( "${@}" )
> +
> + if [[ -n "${ALLOW_MODULES_SIGN}" ]]; then
> + if use modules-sign; then
> + : "${MODULES_SIGN_HASH:=sha512}"
> + cat <<-EOF > "${WORKDIR}/modules-sign.config" || die
> + ## Enable module signing
> + CONFIG_MODULE_SIG=y
> + CONFIG_MODULE_SIG_ALL=y
> + CONFIG_MODULE_SIG_FORCE=y
> + CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
I'm not sure if it matters, but menuconfig would also set
CONFIG_MODULE_SIG_HASH. eg.
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
# CONFIG_MODULE_SIG_SHA256 is not set
# CONFIG_MODULE_SIG_SHA384 is not set
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
