Co-developed-by: Patrick Franz <deltaone@xxxxxxxxxx> Signed-off-by: Patrick Franz <deltaone@xxxxxxxxxx> Co-developed-by: Ibrahim Fayaz <phayax@xxxxxxxxx> Signed-off-by: Ibrahim Fayaz <phayax@xxxxxxxxx> Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxx> Tested-by: Evgeny Groshev <eugene.groshev@xxxxxxxxx> Suggested-by: Sarah Nadi <nadi@xxxxxxxxxxx> Suggested-by: Thorsten Berger <thorsten.berger@xxxxxx> Signed-off-by: Thorsten Berger <thorsten.berger@xxxxxx> This choice group presents a problem as it is possible that no option can be chosen when the choice group is visible. Every option contains additional dependencies compared to the group. Hence it is possible that the group is visible, but not a single option can be chosen as these additional dependencies are not satisfied. By moving these additional dependencies from the options into the group, a visible choice group ensures that both options can be chosen. --- certs/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/certs/Kconfig b/certs/Kconfig index ae7f2e876a31..f69c92e5bc30 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -17,6 +17,7 @@ config MODULE_SIG_KEY choice prompt "Type of module signing key to be generated" + depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) default MODULE_SIG_KEY_TYPE_RSA help The type of module signing key type to generate. This option @@ -24,14 +25,12 @@ choice config MODULE_SIG_KEY_TYPE_RSA bool "RSA" - depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) help Use an RSA key for module signing. config MODULE_SIG_KEY_TYPE_ECDSA bool "ECDSA" select CRYPTO_ECDSA - depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) help Use an elliptic curve key (NIST P384) for module signing. Consider using a strong hash like sha256 or sha384 for hashing modules. -- 2.33.0
