kernel: Sign kernel modules only if CONFIG_MODULE_SIG_FORMAT=y

Change-Id: If8ef12f2b751390fc1689edb551379ca2e4e78be

build/tasks/kernel.mk

@@ -595,11 +595,13 @@ $(TARGET_PREBUILT_INT_KERNEL): $(KERNEL_CONFIG) $(DEPMOD) $(DTC) $(KERNEL_MODULE
 					if [[ ! "$(SYSTEM_KERNEL_MODULES)" =~ "$$module_name" ]]; then echo $$n; fi; \
 				done); \
 				($(call build-image-kernel-modules-lineage,$$filtered_modules,$(KERNEL_MODULES_OUT),$(KERNEL_MODULE_MOUNTPOINT)/,$(KERNEL_DEPMOD_STAGING_DIR),$(BOARD_VENDOR_KERNEL_MODULES_LOAD),,$(KERNEL_MODULES_PARTITION_FILE_LIST),$(SYSTEM_KERNEL_DEPMOD_STAGING_DIR)/lib/modules/0.0/$(SYSTEM_KERNEL_MODULE_MOUNTPOINT))) || exit "$$?"; \
-				(for m in $$(find $(SYSTEM_KERNEL_MODULES_OUT) -type f -name "*.ko"); do \
-					$(KERNEL_OUT)/scripts/sign-file sha1 \
-					$(KERNEL_OUT)/certs/signing_key.pem \
-					$(KERNEL_OUT)/certs/signing_key.x509 "$$m"; \
-				done) || exit "$$?"; \
+				if grep -q 'CONFIG_MODULE_SIG_FORMAT=y' $(KERNEL_CONFIG); then \
+					(for m in $$(find $(SYSTEM_KERNEL_MODULES_OUT) -type f -name "*.ko"); do \
+						$(KERNEL_OUT)/scripts/sign-file sha1 \
+						$(KERNEL_OUT)/certs/signing_key.pem \
+						$(KERNEL_OUT)/certs/signing_key.x509 "$$m"; \
+					done) || exit "$$?"; \
+				fi; \
 				,\
 				($(call build-image-kernel-modules-lineage,$$all_modules,$(KERNEL_MODULES_OUT),$(KERNEL_MODULE_MOUNTPOINT)/,$(KERNEL_DEPMOD_STAGING_DIR),$(BOARD_VENDOR_KERNEL_MODULES_LOAD),,$(KERNEL_MODULES_PARTITION_FILE_LIST),)) || exit "$$?"; \
 			) \