certs: move the 'depends on' to the choice of module signing keys
When the condition "MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)" is unmet, you cannot choose anything in the choice, but the choice menu is still displayed in the menuconfig etc. Move the 'depends on' to the choice to hide the meaningless menu. Also delete the redundant 'default'. In a choice, the first entry is the default. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
This commit is contained in:
parent
4dc0759c56
commit
be0d5fa7f0
|
@ -17,21 +17,19 @@ config MODULE_SIG_KEY
|
|||
|
||||
choice
|
||||
prompt "Type of module signing key to be generated"
|
||||
default MODULE_SIG_KEY_TYPE_RSA
|
||||
depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
|
||||
help
|
||||
The type of module signing key type to generate. This option
|
||||
does not apply if a #PKCS11 URI is used.
|
||||
|
||||
config MODULE_SIG_KEY_TYPE_RSA
|
||||
bool "RSA"
|
||||
depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
|
||||
help
|
||||
Use an RSA key for module signing.
|
||||
|
||||
config MODULE_SIG_KEY_TYPE_ECDSA
|
||||
bool "ECDSA"
|
||||
select CRYPTO_ECDSA
|
||||
depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
|
||||
help
|
||||
Use an elliptic curve key (NIST P384) for module signing. Consider
|
||||
using a strong hash like sha256 or sha384 for hashing modules.
|
||||
|
|
Loading…
Reference in New Issue