When configuration settings are disabled the guarded functions are defined as empty stubs, so the check is unnecessary. The specific configuration option for set_module_sig_enforced() is about to change and removing the checks avoids some later churn.
Signed-off-by: Thomas Weißschuh <[email protected]> --- security/integrity/ima/ima_efi.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c index 138029bfcce1..a35dd166ad47 100644 --- a/security/integrity/ima/ima_efi.c +++ b/security/integrity/ima/ima_efi.c @@ -68,10 +68,8 @@ static const char * const sb_arch_rules[] = { const char * const *arch_get_ima_policy(void) { if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) { - if (IS_ENABLED(CONFIG_MODULE_SIG)) - set_module_sig_enforced(); - if (IS_ENABLED(CONFIG_KEXEC_SIG)) - set_kexec_sig_enforced(); + set_module_sig_enforced(); + set_kexec_sig_enforced(); return sb_arch_rules; } return NULL; -- 2.52.0
