On 15/06/2023 15:46, Mike Gilbert wrote:
On Thu, Jun 15, 2023 at 9:06 AM Andrew Ammerlaan
<andrewammerl...@gentoo.org> wrote:
   # @FUNCTION: kernel-build_merge_configs
@@ -270,16 +354,39 @@ kernel-build_merge_configs() {
         local user_configs=( "${BROOT}"/etc/kernel/config.d/*.config )
         shopt -u nullglob
+       local merge_configs=( "${@}" )
+
+       if [[ -n "${ALLOW_MODULES_SIGN}" ]]; then
+               if use modules-sign; then
+                       : "${MODULES_SIGN_HASH:=sha512}"
+                       cat <<-EOF > "${WORKDIR}/modules-sign.config" || die
+                               ## Enable module signing
+                               CONFIG_MODULE_SIG=y
+                               CONFIG_MODULE_SIG_ALL=y
+                               CONFIG_MODULE_SIG_FORCE=y
+                               CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
I'm not sure if it matters, but menuconfig would also set
CONFIG_MODULE_SIG_HASH. eg.
When I tested this earlier CONFIG_MODULE_SIG_HASH was entirely dependent 
on the setting of CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}.
I.e. setting CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y automatically 
sets CONFIG_MODULE_SIG_HASH=${MODULES_SIGN_HASH} to the same value. Only 
setting CONFIG_MODULE_SIG_HASH is ignored and it reverts back to the 
default value of CONFIG_MODULE_SIG_SHA512. We could set both, but there 
is no functional difference.
Best regards,
Andrew


Reply via email to