commit 12abbef0096b249fb517902aff4cb227c51e4a21

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=835

config.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ab3833b4b1a53c451fc70b0aaf7bbdda56876635072219d2bb5c669fb10e902e
-size 177353
+oid sha256:431ff7ca5fcf092c8f40bd7740e2c80b6a29f78aa1b56220c96f825f6d61e8ea
+size 177636

dtb-aarch64.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

dtb-aarch64.spec

@@ -31,7 +31,7 @@
 Name:           dtb-aarch64
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

dtb-armv6l.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

dtb-armv6l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv6l
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

dtb-armv7l.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

dtb-armv7l.spec

@@ -31,7 +31,7 @@
 Name:           dtb-armv7l
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-64kb.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-64kb.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-debug.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-debug.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-default.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-default.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-docs.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-docs.spec

@@ -33,7 +33,7 @@ License:        GPL-2.0
 Group:          Documentation/Man
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-lpae.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-lpae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-obs-build.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-obs-build.spec

@@ -66,7 +66,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-obs-qa.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-obs-qa.spec

@@ -38,7 +38,7 @@ License:        GPL-2.0
 Group:          SLES
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-pae.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-pae.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-source.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-source.spec

@@ -32,7 +32,7 @@ License:        GPL-2.0
 Group:          Development/Sources
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-syms.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-syms.spec

@@ -27,7 +27,7 @@ Group:          Development/Sources
 Version:        4.15.13
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-syzkaller.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-syzkaller.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-vanilla.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-vanilla.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

kernel-zfcpdump.changes

@@ -970,6 +970,36 @@ Wed Mar  7 16:09:53 CET 2018 - tiwai@suse.de
   MMIO when running nested (bsc#1081431).
 - commit 4e5b14d
 
+-------------------------------------------------------------------
+Tue Mar  6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+  Enable module signing (bnc#1082905):
+  * CONFIG_MODULE_SIG=y
+  * # CONFIG_MODULE_SIG_FORCE is not set
+  * # CONFIG_MODULE_SIG_ALL is not set
+  * # CONFIG_MODULE_SIG_SHA1 is not set
+  * # CONFIG_MODULE_SIG_SHA224 is not set
+  * CONFIG_MODULE_SIG_SHA256=y
+  * # CONFIG_MODULE_SIG_SHA384 is not set
+  * # CONFIG_MODULE_SIG_SHA512 is not set
+  * CONFIG_MODULE_SIG_HASH="sha256"
+  * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+  * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+  * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+  This commit synchronizes these options with SLE15.
+  We do not add patches for loading keys from the shim layer (as in
+  SLE15) for the time being. They were rejected multiple times in
+  upstream and we do not want to forward-port them infinitely. This only
+  means that loading KMPs with none/invalid signatures generates this:
+  <module_name>: loading out-of-tree module taints kernel.
+  <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+  But the modules load fine after that as we have MODULE_SIG_FORCE set
+  to 'n'.
+  Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar  2 12:52:26 CET 2018 - tiwai@suse.de
 

kernel-zfcpdump.spec

@@ -60,7 +60,7 @@ License:        GPL-2.0
 Group:          System/Kernel
 Version:        4.15.13
 %if 0%{?is_kotd}
-Release:        <RELEASE>.g950fc49
+Release:        <RELEASE>.g12abbef
 %else
 Release:        0
 %endif

source-timestamp

@@ -1,3 +1,3 @@
-2018-03-25 10:34:58 +0200
-GIT Revision: 950fc49446f43cd0aa5c406e5dd837053ee73f3b
+2018-03-25 22:21:41 +0200
+GIT Revision: 12abbef0096b249fb517902aff4cb227c51e4a21
 GIT Branch: stable