Hi,

A few ideas for people who want to build custom kernels for N950 in order to disable Aegis:

* If you want to disable Aegis, just disabling it on "make menuconfig" will actually make the system unbootable (from my own experience). This is because various commands used during initialization will begin to fail.
* My tip to "disable" Aegis is to actually neutralize it, i.e. make the userspace think it is enabled, but on kernel side it is not enforced.

For instance, Aegis is not "sealed" by default. At some point during initialization it is sealed with a write to a /sys/... file. So you can modify the function which implements the writing on kernel side (write_enable() in security/aegis/validator/enforce.c) to actually not set the seal bit, so it remains unsealed. You may also need to disable the bit which prevents "unsigned" kernel modules from being loaded: given that you built the kernel yourself, the hashes have probably changed.

I was too lazy to verify what each of those bits in /sys/.../enforce means, so I simply added a:

memset(&valinfo, 0, sizeof(valinfo));

right before "return count" in write_enable().

Hope that helps,
__________________
Anderson Lizardo