On Tue, Jan 13, 2026 at 01:28:47PM +0100, Thomas Weißschuh wrote: > When configuration settings are disabled the guarded functions are > defined as empty stubs, so the check is unnecessary. > The specific configuration option for set_module_sig_enforced() is > about to change and removing the checks avoids some later churn. > > Signed-off-by: Thomas Weißschuh <[email protected]> > --- > security/integrity/ima/ima_efi.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/security/integrity/ima/ima_efi.c > b/security/integrity/ima/ima_efi.c > index 138029bfcce1..a35dd166ad47 100644 > --- a/security/integrity/ima/ima_efi.c > +++ b/security/integrity/ima/ima_efi.c > @@ -68,10 +68,8 @@ static const char * const sb_arch_rules[] = { > const char * const *arch_get_ima_policy(void) > { > if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) { > - if (IS_ENABLED(CONFIG_MODULE_SIG)) > - set_module_sig_enforced(); > - if (IS_ENABLED(CONFIG_KEXEC_SIG)) > - set_kexec_sig_enforced(); > + set_module_sig_enforced(); > + set_kexec_sig_enforced(); > return sb_arch_rules; > } > return NULL; > > -- > 2.52.0 >
Reviewed-by: Aaron Tomlin <[email protected]> -- Aaron Tomlin
signature.asc
Description: PGP signature
