On Wed, Oct 20, 2021 at 6:49 PM Thorsten Berger <thorsten.berger@xxxxxx> wrote: > > Co-developed-by: Patrick Franz <deltaone@xxxxxxxxxx> > Signed-off-by: Patrick Franz <deltaone@xxxxxxxxxx> > Co-developed-by: Ibrahim Fayaz <phayax@xxxxxxxxx> > Signed-off-by: Ibrahim Fayaz <phayax@xxxxxxxxx> > Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxx> > Tested-by: Evgeny Groshev <eugene.groshev@xxxxxxxxx> > Suggested-by: Sarah Nadi <nadi@xxxxxxxxxxx> > Suggested-by: Thorsten Berger <thorsten.berger@xxxxxx> > Signed-off-by: Thorsten Berger <thorsten.berger@xxxxxx> > I had sent an equivalent patch before, (with commit description). https://lore.kernel.org/all/20211001040126.1200230-1-masahiroy@xxxxxxxxxx/ > --- > certs/Kconfig | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/certs/Kconfig b/certs/Kconfig > index ae7f2e876a31..f69c92e5bc30 100644 > --- a/certs/Kconfig > +++ b/certs/Kconfig > @@ -17,6 +17,7 @@ config MODULE_SIG_KEY > > choice > prompt "Type of module signing key to be generated" > + depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) > default MODULE_SIG_KEY_TYPE_RSA > help > The type of module signing key type to generate. This option > @@ -24,14 +25,12 @@ choice > > config MODULE_SIG_KEY_TYPE_RSA > bool "RSA" > - depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) > help > Use an RSA key for module signing. > > config MODULE_SIG_KEY_TYPE_ECDSA > bool "ECDSA" > select CRYPTO_ECDSA > - depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES) > help > Use an elliptic curve key (NIST P384) for module signing. Consider > using a strong hash like sha256 or sha384 for hashing modules. > -- > 2.33.0 > > -- Best Regards Masahiro Yamada
