certs: include certs/signing_key.x509 unconditionally

I do not see much sense in the #if conditional in system_certificates.S; even if the condition is true, there exists no signing key when CONFIG_MODULE_SIG_KEY="". So, certs/Makefile generates empty certs/signing_key.x509 in such a case. We can always do this, irrespective of CONFIG_MODULE_SIG or (CONFIG_IMA_APPRAISE_MODSIG && CONFIG_MODULES). We only need to check CONFIG_MODULE_SIG_KEY, then both *.S and Makefile will become much simpler. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2024-11-01 13:03:25 +01:00 · 2022-02-18 13:46:33 +09:00 · 2022-02-18 13:46:33 +09:00 · 6ce019f73d
commit 6ce019f73d
parent d4c8586432
2 changed files with 0 additions and 19 deletions
--- a/certs/Makefile
+++ b/certs/Makefile
@ -22,25 +22,10 @@ $(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert

 targets += x509_certificate_list

-ifeq ($(CONFIG_MODULE_SIG),y)
-	SIGN_KEY = y
-endif
-
-ifeq ($(CONFIG_IMA_APPRAISE_MODSIG),y)
-ifeq ($(CONFIG_MODULES),y)
-	SIGN_KEY = y
-endif
-endif
-
-ifdef SIGN_KEY
-###############################################################################
-#
 # If module signing is requested, say by allyesconfig, but a key has not been
 # supplied, then one will need to be generated to make sure the build does not
 # fail and that the kernel may be used afterwards.
 #
-###############################################################################
-
 # We do it this way rather than having a boolean option for enabling an
 # external private key, because 'make randconfig' might enable such a
 # boolean option and we unfortunately can't make it depend on !RANDCONFIG.
@ -76,7 +61,6 @@ $(obj)/system_certificates.o: $(obj)/signing_key.x509

 $(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
 	$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
-endif # CONFIG_MODULE_SIG

 targets += signing_key.x509

--- a/certs/system_certificates.S
+++ b/certs/system_certificates.S
@ -9,10 +9,7 @@
 system_certificate_list:
 __cert_list_start:
 __module_cert_start:
-#if defined(CONFIG_MODULE_SIG) || (defined(CONFIG_IMA_APPRAISE_MODSIG) \
-			       && defined(CONFIG_MODULES))
 	.incbin "certs/signing_key.x509"
-#endif
 __module_cert_end:
 	.incbin "certs/x509_certificate_list"
 __cert_list_end: