diff --git a/kernel/module/signing.c b/kernel/module/signing.c
From 36dc5cf3039c0751fe95370a247ca1c23c06571c Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Mon, 10 Aug 2020 10:38:20 +0300
Subject: [PATCH] ROSA: ima: allow to off modules signature check dynamically
Allow module.sig_enforce=0 kernel cmdline, not only module.sig_enforce=1
It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed
without recompiling the kernel (it may be impossible, e.g. in certified systems).
GRUB or another bootloader is password-protected when needed,
so I am not afraid much that someone will be able to turn it off when not needed.
ROSA-specific patch.
This violates requirements of "secure boot", but currently we do not have secure boot in ROSA.
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
---

index a2ff424..e045f46 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -20,8 +20,7 @@
 #define MODULE_PARAM_PREFIX "module."
 
 static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
-module_param(sig_enforce, bool_enable_only, 0644);
-
+module_param(sig_enforce, bool, 0644);
 /*
  * Export sig_enforce kernel cmdline parameter to allow other subsystems rely
  * on that instead of directly to CONFIG_MODULE_SIG_FORCE config.