On Tue, 2025-04-29 at 15:04 +0200, Thomas Weißschuh wrote:
> When CONFIG_MODULE_SIG is disabled set_module_sig_enforced() is defined
> as an empty stub, so the check is unnecessary.
> The specific configuration option for set_module_sig_enforced() is
> about to change and removing the check avoids some later churn.
>
> Signed-off-by: Thomas Weißschuh <li...@weissschuh.net>
Reviewed-by: Mimi Zohar <zo...@linux.ibm.com>
>
> ---
> This patch is not strictly necessary right now, but makes looking for
> usages of CONFIG_MODULE_SIG easier.
> ---
> arch/powerpc/kernel/ima_arch.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c
> index
> b7029beed847dc0acf15b3edbdd7fe9e60626f24..690263bf4265c78331b5f306097543ce12ac7dbd
> 100644
> --- a/arch/powerpc/kernel/ima_arch.c
> +++ b/arch/powerpc/kernel/ima_arch.c
> @@ -63,8 +63,7 @@ static const char *const secure_and_trusted_rules[] = {
> const char *const *arch_get_ima_policy(void)
> {
> if (is_ppc_secureboot_enabled()) {
> - if (IS_ENABLED(CONFIG_MODULE_SIG))
> - set_module_sig_enforced();
> + set_module_sig_enforced();
>
> if (is_ppc_trustedboot_enabled())
> return secure_and_trusted_rules;
>
