diff --git a/config-x86-generic b/config-x86-generic
index f2a071e..64f5a2f 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -441,14 +441,14 @@ CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_XZ_DEC_X86=y
CONFIG_MPILIB=y
-CONFIG_PKCS7_MESSAGE_PARSER=y
-CONFIG_PE_FILE_PARSER=y
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_FORCE is not set
-CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_MODULE_SIG_BLACKLIST=y
+CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
+CONFIG_EFI_SIGNATURE_LIST_PARSER=y
CONFIG_MODULE_SIG_UEFI=y
diff --git a/kernel.spec b/kernel.spec
index 4f2f076..c6f3918 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 1
+%global baserelease 4
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -647,8 +647,10 @@ Patch800: crash-driver.patch
# crypto/
# secure boot
-Patch1000: devel-pekey-secure-boot-20130820.patch
-Patch1001: devel-sysrq-secure-boot-20130717.patch
+Patch1000: secure-modules.patch
+Patch1001: modsign-uefi.patch
+Patch1002: sb-hibernate.patch
+Patch1003: devel-sysrq-secure-boot-20130717.patch
# virt + ksm patches
@@ -1371,8 +1373,10 @@ ApplyPatch crash-driver.patch
# crypto/
# secure boot
-ApplyPatch devel-pekey-secure-boot-20130820.patch
-ApplyPatch devel-sysrq-secure-boot-20130717.patch
+ApplyPatch secure-modules.patch
+ApplyPatch modsign-uefi.patch
+ApplyPatch sb-hibernate.patch
+#pplyPatch devel-sysrq-secure-boot-20130717.patch
# Assorted Virt Fixes
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
