[PATCH v1 1/1] s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n

[Alexander Egorenkov]

The commit c8424e776b09 ("MODSIGN: Export module signature definitions")
replaced the dependency of KEXEC_SIG on SYSTEM_DATA_VERIFICATION with
the dependency on MODULE_SIG_FORMAT. This change disables KEXEC_SIG
in s390 kernels built with MODULES=n if nothing else selects
MODULE_SIG_FORMAT.

Furthermore, the signature verification in s390 kexec does not require
MODULE_SIG_FORMAT because it requires only the struct module_signature and,
therefore, does not depend on code in kernel/module_signature.c.

But making ARCH_SUPPORTS_KEXEC_SIG depend on SYSTEM_DATA_VERIFICATION
is also incorrect because it makes KEXEC_SIG available on s390 only
if some other arbitrary option (for instance a file system or device driver)
selects it directly or indirectly.

To properly make KEXEC_SIG available for s390 kernels built with MODULES=y
as well as MODULES=n _and_ also not depend on arbitrary options selecting
SYSTEM_DATA_VERIFICATION, we set ARCH_SUPPORTS_KEXEC_SIG=y for s390 and
select SYSTEM_DATA_VERIFICATION when KEXEC_SIG=y.

Fixes: c8424e776b09 ("MODSIGN: Export module signature definitions")
Signed-off-by: Alexander Egorenkov <egore...@linux.ibm.com>
---
 arch/s390/Kconfig    | 2 +-
 kernel/Kconfig.kexec | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index c2c7bf974397..385c1052cf45 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -313,7 +313,7 @@ config ARCH_SUPPORTS_KEXEC_FILE
        def_bool y
 
 config ARCH_SUPPORTS_KEXEC_SIG
-       def_bool MODULE_SIG_FORMAT
+       def_bool y
 
 config ARCH_SUPPORTS_KEXEC_PURGATORY
        def_bool y
diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec
index 15632358bcf7..df97227cfca9 100644
--- a/kernel/Kconfig.kexec
+++ b/kernel/Kconfig.kexec
@@ -50,6 +50,7 @@ config KEXEC_SIG
        bool "Verify kernel signature during kexec_file_load() syscall"
        depends on ARCH_SUPPORTS_KEXEC_SIG
        depends on KEXEC_FILE
+       select SYSTEM_DATA_VERIFICATION if S390
        help
          This option makes the kexec_file_load() syscall check for a valid
          signature of the kernel image. The image can still be loaded without
-- 
2.51.0