summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2016-04-06 17:14:26 +0200
committerDavid Howells <dhowells@redhat.com>2016-04-11 23:43:24 +0200
commit99716b7cae8263e1c7e7c1987e95d8f67071ab3e (patch)
treef1d551d31bd36b6e3594664c95183af544984c1d
parentX.509: Move the trust validation code out to its own file (diff)
downloadlinux-99716b7cae8263e1c7e7c1987e95d8f67071ab3e.tar.xz
linux-99716b7cae8263e1c7e7c1987e95d8f67071ab3e.zip
KEYS: Make the system trusted keyring depend on the asymmetric key type
Make the system trusted keyring depend on the asymmetric key type as there's not a lot of point having it if you can't then load asymmetric keys onto it. This requires the ASYMMETRIC_KEY_TYPE to be made a bool, not a tristate, as the Kconfig language doesn't then correctly force ASYMMETRIC_KEY_TYPE to 'y' rather than 'm' if SYSTEM_TRUSTED_KEYRING is 'y'. Making SYSTEM_TRUSTED_KEYRING *select* ASYMMETRIC_KEY_TYPE instead doesn't work as the Kconfig interpreter then wrongly complains about dependency loops. Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--certs/Kconfig1
-rw-r--r--crypto/asymmetric_keys/Kconfig2
2 files changed, 2 insertions, 1 deletions
diff --git a/certs/Kconfig b/certs/Kconfig
index f0f8a4433685..743d480f5f6f 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -17,6 +17,7 @@ config MODULE_SIG_KEY
config SYSTEM_TRUSTED_KEYRING
bool "Provide system-wide ring of trusted keys"
depends on KEYS
+ depends on ASYMMETRIC_KEY_TYPE
help
Provide a system keyring to which trusted keys can be added. Keys in
the keyring are considered to be trusted. Keys may be added at will
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index f7d2ef9789d8..e28e912000a7 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -1,5 +1,5 @@
menuconfig ASYMMETRIC_KEY_TYPE
- tristate "Asymmetric (public-key cryptographic) key type"
+ bool "Asymmetric (public-key cryptographic) key type"
depends on KEYS
help
This option provides support for a key type that holds the data for