From: Masahiro Yamada <masahiroy@xxxxxxxxxx> [ Upstream commit 2154aca21408752eaa3eeaf2ba6e942724ff2a4d ] Commit e90886291c7c ("certs: make system keyring depend on x509 parser") is not the right fix because x509_load_certificate_list() can be modular. The combination of CONFIG_SYSTEM_TRUSTED_KEYRING=y and CONFIG_X509_CERTIFICATE_PARSER=m still results in the following error: LD .tmp_vmlinux.kallsyms1 ld: certs/system_keyring.o: in function `load_system_certificate_list': system_keyring.c:(.init.text+0x8c): undefined reference to `x509_load_certificate_list' make: *** [Makefile:1169: vmlinux] Error 1 Fixes: e90886291c7c ("certs: make system keyring depend on x509 parser") Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> Tested-by: Adam Borowski <kilobyte@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- certs/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certs/Kconfig b/certs/Kconfig index bf9b511573d7..1f109b070877 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -43,7 +43,7 @@ config SYSTEM_TRUSTED_KEYRING bool "Provide system-wide ring of trusted keys" depends on KEYS depends on ASYMMETRIC_KEY_TYPE - depends on X509_CERTIFICATE_PARSER + depends on X509_CERTIFICATE_PARSER = y help Provide a system keyring to which trusted keys can be added. Keys in the keyring are considered to be trusted. Keys may be added at will -- 2.35.1