From: Mike Gilbert
Date: Thu, 15 Jun 2023 09:46:32 -0400
Subject: Re: [gentoo-dev] [PATCH 1/2 v2] kernel-build.eclass: add IUSE="+strip modules-sign", install generated keys
To: gentoo-dev@lists.gentoo.org

On Thu, Jun 15, 2023 at 9:06 AM Andrew Ammerlaan wrote:
> # @FUNCTION: kernel-build_merge_configs
> @@ -270,16 +354,39 @@ kernel-build_merge_configs() {
> local user_configs=( "${BROOT}"/etc/kernel/config.d/*.config )
> shopt -u nullglob
>
> + local merge_configs=( "${@}" )
> +
> + if [[ -n "${ALLOW_MODULES_SIGN}" ]]; then
> + if use modules-sign; then
> + : "${MODULES_SIGN_HASH:=sha512}"
> + cat <<-EOF > "${WORKDIR}/modules-sign.config" || die
> + ## Enable module signing
> + CONFIG_MODULE_SIG=y
> + CONFIG_MODULE_SIG_ALL=y
> + CONFIG_MODULE_SIG_FORCE=y
> + CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y

I'm not sure if it matters, but menuconfig would also set
CONFIG_MODULE_SIG_HASH.

eg.

CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
# CONFIG_MODULE_SIG_SHA256 is not set
# CONFIG_MODULE_SIG_SHA384 is not set
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
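
Review bot: MODULES_SIGN_HASH is expanded straight into a symbol name at `CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y` with no validation, so a typo or an unsupported value preset by the user produces a fragment line naming a Kconfig symbol that does not exist. Because the same fragment sets `CONFIG_MODULE_SIG_FORCE=y`, the outcome to guard against is a kernel that enforces signatures with a digest other than the one requested. Suggest checking the value against the supported set right after `: "${MODULES_SIGN_HASH:=sha512}"` and calling `die` on anything else; the choice symbols in the menuconfig output quoted in the reply (SHA1, SHA224, SHA256, SHA384, SHA512) give the list. A short comment documenting the variable and its default would also help.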
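
A check for the observation in the reply above, as an added example that is not part of the original message or the eclass: it confirms that a final kernel .config has signing enforced, exactly one CONFIG_MODULE_SIG_SHA* choice set, and a CONFIG_MODULE_SIG_HASH string naming the same digest. The function names and sample configs are constructed, and only the SHA1 through SHA512 symbols listed in the reply are assumed.

```sh
#!/bin/sh
# Added example (not from the eclass): verify module-signing options in a
# final kernel .config. Function names and sample data are constructed.
# Assumes only the SHA1..SHA512 choice symbols listed in the reply.

check_modsig_config() {
    cfg=$1
    grep -qx 'CONFIG_MODULE_SIG=y' "$cfg" || { echo "signing-disabled"; return 1; }
    grep -qx 'CONFIG_MODULE_SIG_FORCE=y' "$cfg" || { echo "not-enforced"; return 1; }
    # Hash choice symbols set to y, e.g. "SHA512"; exactly one is expected.
    chosen=$(sed -n 's/^CONFIG_MODULE_SIG_\(SHA[0-9][0-9]*\)=y$/\1/p' "$cfg")
    count=$(printf '%s\n' "$chosen" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || { echo "hash-choices=$count"; return 1; }
    # The string symbol must be present and name the same digest.
    hash=$(sed -n 's/^CONFIG_MODULE_SIG_HASH="\(.*\)"$/\1/p' "$cfg")
    [ -n "$hash" ] || { echo "hash-string-missing"; return 1; }
    want=$(printf '%s' "$chosen" | tr '[:upper:]' '[:lower:]')
    [ "$hash" = "$want" ] || { echo "hash-mismatch $want/$hash"; return 1; }
    echo "ok $hash"
}

# Constructed samples: a menuconfig-style result like the one in the reply,
# and the same options without the string symbol, as in the patch fragment.
sample_full() {
    cat <<'EOF'
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA256 is not set
CONFIG_MODULE_SIG_SHA512=y
CONFIG_MODULE_SIG_HASH="sha512"
EOF
}
sample_fragment() {
    sample_full | grep -v '^CONFIG_MODULE_SIG_HASH='
}

# check_sample GENERATOR: write a generated config to a temp file and check it
check_sample() {
    tmp=$(mktemp) || return 2
    "$1" > "$tmp"
    rc=0; check_modsig_config "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

check_sample sample_full || true
check_sample sample_fragment || true
```

Run the check against the .config produced after the fragments have been merged, not against the fragment file itself.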