[PATCH v8 07/14] integrity: Select CONFIG_KEYS instead of depending on it

[PATCH v8 00/14] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 01/14] MODSIGN: Export module signature definitions · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 02/14] PKCS#7: Refactor verify_pkcs7_signature() and add pkcs7_get_message_sig() · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 03/14] PKCS#7: Introduce pkcs7_get_digest() · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 04/14] integrity: Introduce struct evm_xattr · Thiago Jung Bauermann <hidden> · 2018-11-16
Re: [PATCH v8 04/14] integrity: Introduce struct evm_xattr · Mimi Zohar <zohar@linux.ibm.com> · 2018-11-29
[PATCH v8 05/14] integrity: Introduce integrity_keyring_from_id() · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 06/14] integrity: Introduce asymmetric_sig_has_known_key() · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 07/14] integrity: Select CONFIG_KEYS instead of depending on it · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 08/14] ima: Introduce is_signed() · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 09/14] ima: Export func_tokens · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 11/14] ima: Implement support for module-style appended signatures · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 12/14] ima: Add new "d-sig" template field · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 13/14] ima: Write modsig to the measurement list · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 14/14] ima: Store the measurement again when appraising a modsig · Thiago Jung Bauermann <hidden> · 2018-11-16
[PATCH v8 10/14] ima: Add modsig appraise_type option for module-style appended signatures · Thiago Jung Bauermann <hidden> · 2018-11-16
Re: [PATCH v8 00/14] Appended signatures support for IMA appraisal · James Morris <jmorris@namei.org> · 2018-12-04
Re: [PATCH v8 00/14] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2018-12-04

STALE2739d

Revisions (6)

2018-05-23 v7 [diff vs current]
2018-11-16 v8 current
2018-12-13 v9 [diff vs current]
2019-04-18 v10 [diff vs current]
2019-06-11 v11 [diff vs current]
2019-06-28 v12 [diff vs current]

From: Thiago Jung Bauermann <hidden>
Date: 2018-11-16 20:09:02
Also in: keyrings, linux-crypto, linux-doc, linux-integrity, linux-security-module, lkml
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

This avoids a dependency cycle in soon-to-be-introduced
CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.

Signed-off-by: Thiago Jung Bauermann <redacted>
Signed-off-by: Mimi Zohar <redacted>
---
 security/integrity/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index da9565891738..0d642e0317c7 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig

@@ -17,8 +17,8 @@ if INTEGRITY
 
 config INTEGRITY_SIGNATURE
 	bool "Digital signature verification using multiple keyrings"
-	depends on KEYS
 	default n
+	select KEYS
 	select SIGNATURE
 	help
 	  This option enables digital signature verification support

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help