ANDROID: fips140: require 'm' to enable CRYPTO_FIPS140_MOD

CONFIG_CRYPTO_FIPS140_MOD builds a loadable kernel module when set to
'y'.  That's very unusual, as it doesn't follow the convention of
loadable modules being 'm'.

I'm guessing that the reason that a bool was used instead of a tristate
is because this functionality is not supported built-in, so there are
only two allowed settings: disabled or modular.

However, there's actually a way to express that in the kconfig language:
a tristate that depends on 'm'.  Let's do it that way.

This also eliminates the need to explicitly depend on MODULES.

(Note: I decided to keep MOD in the name, since the word "module" in
"FIPS 140 cryptographic module" is a different meaning of "module", and
I didn't want to bother renaming CRYPTO_FIPS140_MOD_EVAL_TESTING too.)

Bug: 188620248
Change-Id: Ib195d64d68c23ca93dd244d9ac77255992870424
Signed-off-by: Eric Biggers <ebiggers@google.com>

arch/arm64/configs/fips140_gki.fragment

@@ -1,2 +1,2 @@
-CONFIG_CRYPTO_FIPS140_MOD=y
+CONFIG_CRYPTO_FIPS140_MOD=m
 # CONFIG_MODULE_SIG_ALL is not set

crypto/Kconfig

@@ -34,8 +34,9 @@ config CRYPTO_FIPS
 	  this is.
 
 config CRYPTO_FIPS140_MOD
-	bool "Enable FIPS 140 cryptographic module"
+	tristate "Enable FIPS 140 cryptographic module"
-	depends on MODULES && ARM64 && ARM64_MODULE_PLTS && LTO_CLANG
+	depends on ARM64 && ARM64_MODULE_PLTS && LTO_CLANG
+	depends on m
 	help
 	  This option enables building a loadable module fips140.ko, which
 	  contains various crypto algorithms that are also built into vmlinux.

scripts/module.lds.S

@@ -33,7 +33,7 @@ SECTIONS {
 
 	__patchable_function_entries : { *(__patchable_function_entries) }
 
-#ifdef CONFIG_CRYPTO_FIPS140_MOD
+#if IS_ENABLED(CONFIG_CRYPTO_FIPS140_MOD)
 	/*
 	 * The FIPS140 module incorporates copies of builtin code, which gets
 	 * integrity checked at module load time, and registered in a way that