When configuration settings are disabled the guarded functions are
defined as empty stubs, so the check is unnecessary.
The specific configuration option for set_module_sig_enforced() is
about to change and removing the checks avoids some later churn.
Signed-off-by: Thomas Weißschuh <li...@weissschuh.net>
---
This patch is not strictly necessary right now, but makes looking for
usages of CONFIG_MODULE_SIG easier.
---
security/integrity/ima/ima_efi.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
index
138029bfcce1e40ef37700c15e30909f6e9b4f2d..a35dd166ad47beb4a7d46cc3e8fc604f57e03ecb
100644
--- a/security/integrity/ima/ima_efi.c
+++ b/security/integrity/ima/ima_efi.c
@@ -68,10 +68,8 @@ static const char * const sb_arch_rules[] = {
const char * const *arch_get_ima_policy(void)
{
if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
- if (IS_ENABLED(CONFIG_MODULE_SIG))
- set_module_sig_enforced();
- if (IS_ENABLED(CONFIG_KEXEC_SIG))
- set_kexec_sig_enforced();
+ set_module_sig_enforced();
+ set_kexec_sig_enforced();
return sb_arch_rules;
}
return NULL;
--
2.49.0
