From 75b594f47d73c8caba1f9d36485b833976176fca Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Fri, 23 Oct 2020 02:15:26 -0700
Subject: [PATCH] Limit module features. Enforce signed modules

---
 config/buildroot/board/x86_64/linux.config | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/config/buildroot/board/x86_64/linux.config b/config/buildroot/board/x86_64/linux.config
index f08a3bb..7c7633d 100644
--- a/config/buildroot/board/x86_64/linux.config
+++ b/config/buildroot/board/x86_64/linux.config
@@ -122,10 +122,8 @@ CONFIG_KPROBES=y
 CONFIG_JUMP_LABEL=y
 CONFIG_COMPAT_32BIT_TIME=y
 CONFIG_MODULES=y
-CONFIG_MODULE_FORCE_LOAD=y
-CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
-CONFIG_MODVERSIONS=y
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
 # CONFIG_UNUSED_SYMBOLS is not set
 CONFIG_BLK_DEV_INTEGRITY=y
 CONFIG_BLK_DEV_ZONED=y
@@ -1533,8 +1531,6 @@ CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
 CONFIG_CRYPTO_DEV_QAT_C62XVF=m
 CONFIG_CRYPTO_DEV_CHELSIO=m
-CONFIG_PKCS7_MESSAGE_PARSER=y
-CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SECONDARY_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 CONFIG_CORDIC=m