From 582758eb22faf79ddfac4cf996e69bed7a31a77e Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 15 Mar 2020 13:15:38 +0300
Subject: [PATCH] CRYPTO_ECRDSA must be built in to load kernel keyring and
 modules

---
 kernel.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index 3d55915..6a0163a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -11,7 +11,7 @@
 %define sublevel	25
 
 # Release number. Increase this before a rebuild.
-%define rpmrel		2
+%define rpmrel		3
 %define fullrpmrel	%{rpmrel}
 
 %define rpmtag		%{disttag}
@@ -869,9 +869,12 @@ echo CONFIG_INIT_ON_FREE_DEFAULT_ON=y >> %{build_dir}/.config.append
 # Here enabling only either only init_on_free or only init_on_alloc
 # makes sense; init_on_alloc is not about protecting information.
 
-# Keep Streebog crypto built-in to enable loading streebog-signed kernel modules
+# Keep GOST crypto built-in to enable loading GOST-signed kernel modules
+# and GOST keys from the kernel keyring
 sed -i '/CONFIG_CRYPTO_STREEBOG/d' .config
 echo 'CONFIG_CRYPTO_STREEBOG=y' >> %{build_dir}/.config.append
+sed -i '/CONFIG_CRYPTO_ECRDSA/d' .config
+echo 'CONFIG_CRYPTO_ECRDSA=y' >> %{build_dir}/.config.append
 %endif
 
 cat %{build_dir}/.config.append >> .config