From patchwork Fri Nov 25 15:07:21 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mikko Rapeli <mikko.rapeli@linaro.org>
X-Patchwork-Id: 15927
Return-Path: <mikko.rapeli@linaro.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DC81DC4332F
	for <webhook@archiver.kernel.org>; Fri, 25 Nov 2022 15:07:38 +0000 (UTC)
Received: from mail.kapsi.fi (mail.kapsi.fi [91.232.154.25])
 by mx.groups.io with SMTP id smtpd.web10.49098.1669388852452287747
 for <openembedded-core@lists.openembedded.org>;
 Fri, 25 Nov 2022 07:07:32 -0800
Authentication-Results: mx.groups.io;
 dkim=missing;
 spf=none, err=permanent DNS error (domain: lakka.kapsi.fi, ip: 91.232.154.25,
 mailfrom: mcfrisk@lakka.kapsi.fi)
Received: from kapsi.fi ([2001:67c:1be8::11] helo=lakka.kapsi.fi)
	by mail.kapsi.fi with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <mcfrisk@lakka.kapsi.fi>)
	id 1oyaIa-00CJal-BO; Fri, 25 Nov 2022 17:07:28 +0200
Received: from mcfrisk by lakka.kapsi.fi with local (Exim 4.94.2)
	(envelope-from <mcfrisk@lakka.kapsi.fi>)
	id 1oyaIa-007BMb-1G; Fri, 25 Nov 2022 17:07:28 +0200
From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: openembedded-core@lists.openembedded.org
Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
Subject: [PATCH] kmod: enable openssl support by default
Date: Fri, 25 Nov 2022 17:07:21 +0200
Message-Id: <20221125150721.1702791-1-mikko.rapeli@linaro.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Rspam-Score: -1.2 (-)
X-Rspam-Report: Action: no action
 Symbol: RCVD_TLS_LAST(0.00)
 Symbol: ARC_NA(0.00)
 Symbol: DMARC_POLICY_SOFTFAIL(0.10)
 Symbol: FROM_HAS_DN(0.00)
 Symbol: TO_DN_SOME(0.00)
 Symbol: R_MISSING_CHARSET(0.50)
 Symbol: TO_MATCH_ENVRCPT_ALL(0.00)
 Symbol: MIME_GOOD(-0.10)
 Symbol: NEURAL_SPAM(0.00)
 Symbol: RCPT_COUNT_TWO(0.00)
 Symbol: MID_CONTAINS_FROM(1.00)
 Symbol: R_SPF_NA(0.00)
 Symbol: FORGED_SENDER(0.30)
 Symbol: R_DKIM_NA(0.00)
 Symbol: MIME_TRACE(0.00)
 Symbol: ASN(0.00)
 Symbol: FROM_NEQ_ENVFROM(0.00)
 Symbol: BAYES_HAM(-3.00)
 Symbol: RCVD_COUNT_TWO(0.00)
 Message-ID: 20221125150721.1702791-1-mikko.rapeli@linaro.org
X-SA-Exim-Connect-IP: 2001:67c:1be8::11
X-SA-Exim-Mail-From: mcfrisk@lakka.kapsi.fi
X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 25 Nov 2022 15:07:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/173772

linux-yocto kernel adds openssl-native dependency by default even
when module signing is still optional. kmod should enable
openssl support too. This helps see details of signed kernel
modules and debug issues with module signing. For small systems
this can still be disabled.

modinfo output shows bad signing info when kernel signing is enabled
but openssl support is missing from kmod:

root@qemux86-64:~# dmesg|grep 509
[    0.750905] ACPI: PCI: Interrupt link LNKG configured for IRQ 11
[    0.950039] Asymmetric key parser 'x509' registered
[    1.241727] Loading compiled-in X.509 certificates
[    1.267863] Loaded X.509 cert 'Build time autogenerated kernel key: 48bcd79439f61aaf8fc19ec0882439d64db73820'
root@qemux86-64:~# lsmod
Module                  Size  Used by
sch_fq_codel           20480  1
root@qemux86-64:~# modinfo sch_fq_codel
filename:       /lib/modules/5.19.9-yocto-standard/kernel/net/sched/sch_fq_codel.ko
description:    Fair Queue CoDel discipline
license:        GPL
author:         Eric Dumazet
depends:
retpoline:      Y
intree:         Y
name:           sch_fq_codel
vermagic:       5.19.9-yocto-standard SMP preempt mod_unload
sig_id:         PKCS#7
signer:
sig_key:
sig_hashalgo:   unknown
signature:

modinfo with openssl enabled in kmod:

root@qemux86-64:~# modinfo sch_fq_codel
filename:       /lib/modules/5.19.9-yocto-standard/kernel/net/sched/sch_fq_codel.ko
description:    Fair Queue CoDel discipline
license:        GPL
author:         Eric Dumazet
depends:
retpoline:      Y
intree:         Y
name:           sch_fq_codel
vermagic:       5.19.9-yocto-standard SMP preempt mod_unload
sig_id:         PKCS#7
signer:         Build time autogenerated kernel key
sig_key:        07:9A:C4:36:96:98:6E:5B:73:CF:C8:40:A6:57:D9:03:5E:27:8D:25
sig_hashalgo:   sha512
signature:      21:4D:F0:E2:E0:7C:8E:31:A0:96:12:68:06:0D:FA:0D:E2:17:45:64:
                51:94:7E:B0:97:DD:EB:59:89:CA:1A:C3:10:E7:7C:4D:5D:F0:5D:B6:
                2A:61:D3:BF:89:7A:0D:CD:A2:39:57:1B:C6:B5:7D:C1:DB:6F:D9:36:
                29:7A:07:18:F5:22:9F:9A:33:4D:38:BC:79:C8:51:8B:82:0F:B4:09:
                08:37:52:11:98:50:7E:19:28:0F:13:2E:03:A5:E8:F8:D9:E7:DF:61:
                18:AC:22:FE:96:BD:D0:55:96:9E:C9:1C:15:C9:0B:9A:5A:FD:D0:C0:
                8F:41:12:5B:EA:4B:E5:5D:4D:EA:D5:2E:E5:80:D4:51:CC:63:97:F3:
                4B:39:CC:B6:A1:83:F5:EF:2F:A1:22:CD:CA:BC:DB:82:C0:E4:AB:13:
                5D:C5:F3:BC:B7:3E:B4:16:BF:87:1D:AC:69:43:1F:78:2A:5F:E2:63:
                52:A2:DA:FC:F9:C0:BA:D8:1A:FE:58:4E:6A:D8:DE:BE:F8:F6:C2:59:
                CE:F5:0A:A0:15:A3:01:BC:B6:70:36:4E:5F:D6:9B:B0:DE:93:15:3E:
                35:37:38:D9:01:2B:72:2F:D3:74:A4:AD:F4:5F:52:74:44:E1:C9:D3:
                A9:87:BC:93:58:8A:82:DB:14:6F:E0:4D:AF:8E:B5:3D:92:20:8B:4A:
                04:54:6C:21:F1:76:DF:08:A9:0A:A5:D5:D0:17:CA:98:B5:F4:9F:F6:
                9C:8F:DA:09:C2:37:FB:36:23:D1:25:27:4C:DB:9B:43:19:EB:55:1C:
                DA:32:04:A5:B1:97:F7:A3:3B:82:55:FD:BD:6D:90:BB:61:E6:D3:93:
                42:CB:FD:4A:1B:3E:03:43:7D:E3:85:32:91:45:C9:B4:CD:DC:B7:07:
                37:58:8A:4A:49:5F:F7:26:41:E1:BB:A1:64:B5:86:00:17:9D:D7:81:
                31:BA:DC:BF:04:CC:11:55:B1:C6:24:83:43:33:34:2D:BF:00:74:26:
                6A:EC:56:90:C7:1B:C2:78:5C:7F:25:2D:78:BD:C5:D9:7D:69:6A:32:
                5D:EF:48:6C:21:64:47:2A:FE:34:3C:58:8D:9E:D7:42:76:BE:89:84:
                8D:62:9D:62:DE:7C:88:C4:5F:AA:13:20:6B:90:53:16:4E:06:EE:8A:
                DE:F7:EA:F8:92:03:7D:84:B7:0C:9F:A0:52:B7:5E:21:BF:37:6A:C9:
                34:6D:69:1E:4A:CC:48:F2:0A:6C:B8:AD:83:C0:8F:76:CC:43:0E:29:
                17:A9:22:F3:0B:59:A9:87:24:AD:84:CD:EE:E2:C3:93:F7:A8:11:ED:
                9A:CC:DA:7F:9D:73:06:5C:A7:1A:6A:54

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta/recipes-kernel/kmod/kmod_30.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/kmod/kmod_30.bb b/meta/recipes-kernel/kmod/kmod_30.bb
index 8eb83efe6d..ff6e20554b 100644
--- a/meta/recipes-kernel/kmod/kmod_30.bb
+++ b/meta/recipes-kernel/kmod/kmod_30.bb
@@ -26,7 +26,7 @@ S = "${WORKDIR}/git"
 
 EXTRA_OECONF += "--enable-tools"
 
-PACKAGECONFIG ??= "zlib xz"
+PACKAGECONFIG ??= "zlib xz openssl"
 PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
 PACKAGECONFIG[logging] = " --enable-logging,--disable-logging"
 PACKAGECONFIG[manpages] = "--enable-manpages, --disable-manpages, libxslt-native xmlto-native"