Re: [PATCH] module: Fix the modversions and signing submenus

Fri, 20 Feb 2026 07:56:17 -0800 

On 2026-02-05 15:37, Petr Pavlu wrote:
> The module Kconfig file contains a set of options related to "Module
> versioning support" (depends on MODVERSIONS) and "Module signature
> verification" (depends on MODULE_SIG). The Kconfig tool automatically
> creates submenus when an entry for a symbol is followed by consecutive
> items that all depend on the symbol. However, this functionality doesn't
> work for the mentioned module options. The MODVERSIONS options are
> interleaved with ASM_MODVERSIONS, which has no 'depends on MODVERSIONS' but
> instead uses 'default HAVE_ASM_MODVERSIONS && MODVERSIONS'. Similarly, the
> MODULE_SIG options are interleaved by a comment warning not to forget
> signing modules with scripts/sign-file, which uses the condition 'depends
> on MODULE_SIG_FORCE && !MODULE_SIG_ALL'.
> 
> The result is that the options are confusingly shown when using
> a menuconfig tool, as follows:
> 
>  [*]   Module versioning support
>          Module versioning implementation (genksyms (from source code))  --->
>  [ ]   Extended Module Versioning Support
>  [*]   Basic Module Versioning Support
>  [*]   Source checksum for all modules
>  [*]   Module signature verification
>  [ ]     Require modules to be validly signed
>  [ ]     Automatically sign all modules
>        Hash algorithm to sign modules (SHA-256)  --->
> 
> Fix the issue by using if/endif to group related options together in
> kernel/module/Kconfig, similarly to how the MODULE_DEBUG options are
> already grouped. Note that the signing-related options depend on
> 'MODULE_SIG || IMA_APPRAISE_MODSIG', with the exception of
> MODULE_SIG_FORCE, which is valid only for MODULE_SIG and is therefore kept
> separately. For consistency, do the same for the MODULE_COMPRESS entries.
> The options are then properly placed into submenus, as follows:
> 
>  [*]   Module versioning support
>          Module versioning implementation (genksyms (from source code))  --->
>  [ ]     Extended Module Versioning Support
>  [*]     Basic Module Versioning Support
>  [*]   Source checksum for all modules
>  [*]   Module signature verification
>  [ ]     Require modules to be validly signed
>  [ ]     Automatically sign all modules
>          Hash algorithm to sign modules (SHA-256)  --->
> 
> Signed-off-by: Petr Pavlu <[email protected]>

Reviewed-by: Daniel Gomez <[email protected]>

Reply via email to