[PATCH] certs: move the 'depends on' to the choice of module signing keys

* [PATCH] certs: move the 'depends on' to the choice of module signing keys
@ 2021-10-01  4:01 Masahiro Yamada
  2021-12-11 13:10 ` Masahiro Yamada
  0 siblings, 1 reply; 2+ messages in thread
From: Masahiro Yamada @ 2021-10-01  4:01 UTC (permalink / raw)
  To: keyrings
  Cc: Stefan Berger, Jarkko Sakkinen, Masahiro Yamada, David Howells,
	David Woodhouse, linux-kernel

When the condition "MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)"
is unmet, you cannot choose anything in the choice, but the choice
menu is still displayed in the menuconfig etc.

Move the 'depends on' to the choice to hide the meaningless menu.

Also delete the redundant 'default'. In a choice, the first entry is
the default.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 certs/Kconfig | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/certs/Kconfig b/certs/Kconfig
index ae7f2e876a31..73d1350c223a 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -17,21 +17,19 @@ config MODULE_SIG_KEY
 
 choice
 	prompt "Type of module signing key to be generated"
-	default MODULE_SIG_KEY_TYPE_RSA
+	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
 	help
 	 The type of module signing key type to generate. This option
 	 does not apply if a #PKCS11 URI is used.
 
 config MODULE_SIG_KEY_TYPE_RSA
 	bool "RSA"
-	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
 	help
 	 Use an RSA key for module signing.
 
 config MODULE_SIG_KEY_TYPE_ECDSA
 	bool "ECDSA"
 	select CRYPTO_ECDSA
-	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
 	help
 	 Use an elliptic curve key (NIST P384) for module signing. Consider
 	 using a strong hash like sha256 or sha384 for hashing modules.
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread