Le 05/03/2022 à 21:37, Aaron Tomlin a écrit : > On Wed 2022-03-02 08:08 +0000, Christophe Leroy wrote: >> When it was in main.c, is_module_sig_enforced() was build as soon as >> CONFIG_MODULES was set. >> >> Now it is only built when CONFIG_MODULE_SIG is selected, so you have to >> modify include/linux/modules.h and have the stub >> is_module_sig_enforced() when CONFIG_MODULE_SIG is not selected and not >> only when CONFIG_MODULES is not selected. > > Hi Christophe, > > Looking at this again, perhaps I'm missing something. If I understand > correctly, Kconfig CONFIG_MODULE_SIG cannot be selected without > CONFIG_MODULES; also CONFIG_MODULE_SIG depends on CONFIG_MODULES, no? > So, what is present is enough right i.e. the stub when CONFIG_MODULES is > not enabled? > There are three possibilities: 1/ CONFIG_MODULES=n, CONFIG_MODULE_SIG=n 2/ CONFIG_MODULES=y, CONFIG_MODULE_SIG=n 3/ CONFIG_MODULES=y, CONFIG_MODULE_SIG=y Case 1/, is_module_sig_enforced() is a static inline stub in linux/modules.h returning always false Case 3/, is_module_sig_enforced() is in kernel/module/signing.c Case 2/, is_module_sig_enforced() is nowhere. In linux/modules.h, you have: #ifdef CONFIG_MODULES .... a lot of stuff ... bool is_module_sig_enforced(void); void set_module_sig_enforced(void); #else .... a lot of stuff ... static inline bool is_module_sig_enforced(void) { return false; } static inline void set_module_sig_enforced(void) { } ... some more stuff #endif You must take is_module_sig_enforced() out of that #ifdef CONFIG_MODULES / #else / #endif and add after the #endif /* CONFIG_MODULES */: #ifdef CONFIG_MODULE_SIG bool is_module_sig_enforced(void); #else static inline bool is_module_sig_enforced(void) { return false; } #endif Christophe