[PATCH v9 07/14] integrity: Select CONFIG_KEYS instead of depending on it

[PATCH v9 00/14] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 01/14] MODSIGN: Export module signature definitions · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 02/14] PKCS#7: Refactor verify_pkcs7_signature() and add pkcs7_get_message_sig() · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 03/14] PKCS#7: Introduce pkcs7_get_digest() · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 04/14] integrity: Introduce struct evm_xattr · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 05/14] integrity: Introduce integrity_keyring_from_id() · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 06/14] integrity: Introduce asymmetric_sig_has_known_key() · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 07/14] integrity: Select CONFIG_KEYS instead of depending on it · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 08/14] ima: Introduce is_signed() · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 09/14] ima: Export func_tokens · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 10/14] ima: Add modsig appraise_type option for module-style appended signatures · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 11/14] ima: Implement support for module-style appended signatures · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 12/14] ima: Add new "d-sig" template field · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 13/14] ima: Write modsig to the measurement list · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v9 14/14] ima: Store the measurement again when appraising a modsig · Thiago Jung Bauermann <hidden> · 2018-12-13

STALE2736d

Revisions (6)

2018-05-23 v7 [diff vs current]
2018-11-16 v8 [diff vs current]
2018-12-13 v9 current
2019-04-18 v10 [diff vs current]
2019-06-11 v11 [diff vs current]
2019-06-28 v12 [diff vs current]

From: Thiago Jung Bauermann <hidden>
Date: 2018-12-13 02:11:42
Also in: keyrings, linux-crypto, linux-doc, linux-integrity, linuxppc-dev, lkml
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

This avoids a dependency cycle in soon-to-be-introduced
CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.

Signed-off-by: Thiago Jung Bauermann <redacted>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 4b4d2aeef539..176905bef20a 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig

@@ -17,8 +17,8 @@ if INTEGRITY
 
 config INTEGRITY_SIGNATURE
 	bool "Digital signature verification using multiple keyrings"
-	depends on KEYS
 	default n
+	select KEYS
 	select SIGNATURE
 	help
 	  This option enables digital signature verification support

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help