summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMasahiro Yamada <masahiroy@kernel.org>2021-10-01 13:01:26 +0900
committerMasahiro Yamada <masahiroy@kernel.org>2021-12-11 22:09:14 +0900
commitbe0d5fa7f0373197a44ebeb3f9e833ee50376225 (patch)
tree524786bb810b4f080995ccf5bffeee58eeb1c1bf
parent4dc0759c563a9aa3aa09c316a066d265f3930887 (diff)
certs: move the 'depends on' to the choice of module signing keys
When the condition "MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)" is unmet, you cannot choose anything in the choice, but the choice menu is still displayed in the menuconfig etc. Move the 'depends on' to the choice to hide the meaningless menu. Also delete the redundant 'default'. In a choice, the first entry is the default. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
-rw-r--r--certs/Kconfig4
1 files changed, 1 insertions, 3 deletions
diff --git a/certs/Kconfig b/certs/Kconfig
index ae7f2e876a31..73d1350c223a 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -17,21 +17,19 @@ config MODULE_SIG_KEY
choice
prompt "Type of module signing key to be generated"
- default MODULE_SIG_KEY_TYPE_RSA
+ depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
help
The type of module signing key type to generate. This option
does not apply if a #PKCS11 URI is used.
config MODULE_SIG_KEY_TYPE_RSA
bool "RSA"
- depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
help
Use an RSA key for module signing.
config MODULE_SIG_KEY_TYPE_ECDSA
bool "ECDSA"
select CRYPTO_ECDSA
- depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
help
Use an elliptic curve key (NIST P384) for module signing. Consider
using a strong hash like sha256 or sha384 for hashing modules.