Commit be0d5fa7 authored by Masahiro Yamada's avatar Masahiro Yamada
Browse files

certs: move the 'depends on' to the choice of module signing keys 



When the condition "MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)"
is unmet, you cannot choose anything in the choice, but the choice
menu is still displayed in the menuconfig etc.

Move the 'depends on' to the choice to hide the meaningless menu.

Also delete the redundant 'default'. In a choice, the first entry is
the default.

Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
parent 4dc0759c

certs/Kconfig

+1 −3
Original line number Diff line number Diff line
@@ -17,21 +17,19 @@ config MODULE_SIG_KEY 


choice

	prompt "Type of module signing key to be generated"

	default MODULE_SIG_KEY_TYPE_RSA

	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)

	help

	 The type of module signing key type to generate. This option

	 does not apply if a #PKCS11 URI is used.



config MODULE_SIG_KEY_TYPE_RSA

	bool "RSA"

	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)

	help

	 Use an RSA key for module signing.



config MODULE_SIG_KEY_TYPE_ECDSA

	bool "ECDSA"

	select CRYPTO_ECDSA

	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)

	help

	 Use an elliptic curve key (NIST P384) for module signing. Consider

	 using a strong hash like sha256 or sha384 for hashing modules.