dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional compilation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The verity glue for LoadPin is only needed when CONFIG_SECURITY_LOADPIN_VERITY
is set, use this option for conditional compilation instead of the combo of
CONFIG_DM_VERITY and CONFIG_SECURITY_LOADPIN.

Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Acked-by: Mike Snitzer <snitzer@kernel.org>
Link: https://lore.kernel.org/lkml/20220627083512.v7.3.I5aca2dcc3b06de4bf53696cd21329dce8272b8aa@changeid
Signed-off-by: Kees Cook <keescook@chromium.org>

authored by

Matthias Kaehlcke and committed by

Kees Cook 3 years ago 231af470 3f805f8c

+2 -7

2 changed files

expand all

drivers

Makefile

include

linux

dm-verity-loadpin.h

+1 -6

drivers/md/Makefile

··· 83 83 obj-$(CONFIG_DM_INTEGRITY) += dm-integrity.o 84 84 obj-$(CONFIG_DM_ZONED) += dm-zoned.o 85 85 obj-$(CONFIG_DM_WRITECACHE) += dm-writecache.o 86 + obj-$(CONFIG_SECURITY_LOADPIN_VERITY) += dm-verity-loadpin.o 86 87 87 88 ifeq ($(CONFIG_DM_INIT),y) 88 89 dm-mod-objs += dm-init.o ··· 107 106 108 107 ifeq ($(CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG),y) 109 108 dm-verity-objs += dm-verity-verify-sig.o 110 - endif 111 - 112 - ifeq ($(CONFIG_DM_VERITY),y) 113 - ifeq ($(CONFIG_SECURITY_LOADPIN),y) 114 - dm-verity-objs += dm-verity-loadpin.o 115 - endif 116 109 endif 117 110 118 111 ifeq ($(CONFIG_DM_AUDIT),y)

+1 -1

include/linux/dm-verity-loadpin.h

··· 15 15 u8 data[]; 16 16 }; 17 17 18 - #if IS_ENABLED(CONFIG_SECURITY_LOADPIN) && IS_BUILTIN(CONFIG_DM_VERITY) 18 + #if IS_ENABLED(CONFIG_SECURITY_LOADPIN_VERITY) 19 19 bool dm_verity_loadpin_is_bdev_trusted(struct block_device *bdev); 20 20 #else 21 21 static inline bool dm_verity_loadpin_is_bdev_trusted(struct block_device *bdev)