summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--certs/Kconfig2
-rw-r--r--certs/Makefile2
-rw-r--r--certs/system_certificates.S3
3 files changed, 5 insertions, 2 deletions
diff --git a/certs/Kconfig b/certs/Kconfig
index 48675ad319db..e4d00348fd73 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -4,7 +4,7 @@ menu "Certificates for signature checking"
config MODULE_SIG_KEY
string "File name or PKCS#11 URI of module signing key"
default "certs/signing_key.pem"
- depends on MODULE_SIG || IMA_APPRAISE_MODSIG
+ depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
help
Provide the file name of a private key/certificate in PEM format,
or a PKCS#11 URI according to RFC7512. The file should contain, or
diff --git a/certs/Makefile b/certs/Makefile
index e3185c57fbd8..2f369d6aa494 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -36,8 +36,10 @@ ifeq ($(CONFIG_MODULE_SIG),y)
endif
ifeq ($(CONFIG_IMA_APPRAISE_MODSIG),y)
+ifeq ($(CONFIG_MODULES),y)
SIGN_KEY = y
endif
+endif
ifdef SIGN_KEY
###############################################################################
diff --git a/certs/system_certificates.S b/certs/system_certificates.S
index dcad27ea8527..e1645e6f4d97 100644
--- a/certs/system_certificates.S
+++ b/certs/system_certificates.S
@@ -9,7 +9,8 @@
system_certificate_list:
__cert_list_start:
__module_cert_start:
-#if defined(CONFIG_MODULE_SIG) || defined(CONFIG_IMA_APPRAISE_MODSIG)
+#if defined(CONFIG_MODULE_SIG) || (defined(CONFIG_IMA_APPRAISE_MODSIG) \
+ && defined(CONFIG_MODULES))
.incbin "certs/signing_key.x509"
#endif
__module_cert_end: