On Tue, Feb 22, 2022 at 10:48:00AM +0000, Aaron Tomlin wrote:
> On Mon 2022-02-21 12:21 +0000, Christophe Leroy wrote:
> > Le 18/02/2022 à 22:24, Aaron Tomlin a écrit :
> > > kernel/{module_signature.c => module/signature.c} | 0
> > Keeping it outside of kernel/module/ would allow to conditionaly build
> > entire kernel/module/ based of CONFIG_MODULES and then avoid all checks
> > against CONFIG_MODULES which look misleading at times.
>
> Luis,
>
> What is your opinion on this? Indeed, mod_check_sig() is used by code
> outside of kernel/module/ too i.e. ima_read_modsig(); albeit, I believe it
> does make sense to keep it under kernel/module/ since the function in
> question is used to review a given module's signature anyway.
How about:
obj-$(CONFIG_MODULE_SIG_FORMAT) += module/module_signature.o
Luis
