On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
I'm not sure why IMA needs to select those user-visible symbols, but if
it must then the simplest fix is to just express the proper dependencies
on the select.
Signed-off-by: Michael Ellerman <[email protected]>
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Could someone please pick this up?
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index e099875643c5..b51668d04f9d 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -10,7 +10,7 @@ config IMA
select CRYPTO_HASH_INFO
select TCG_TPM if HAS_IOMEM && !UML
select TCG_TIS if TCG_TPM && X86
- select TCG_IBMVTPM if TCG_TPM && PPC64
+ select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
--
1.9.1
Hello,
Yes, we will pick it up.
Thanks,
Dmitry
On 03/12/14 08:04, Michael Ellerman wrote:
> On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
>
> warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
>
> I'm not sure why IMA needs to select those user-visible symbols, but if
> it must then the simplest fix is to just express the proper dependencies
> on the select.
>
> Signed-off-by: Michael Ellerman <[email protected]>
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
> Could someone please pick this up?
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index e099875643c5..b51668d04f9d 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -10,7 +10,7 @@ config IMA
> select CRYPTO_HASH_INFO
> select TCG_TPM if HAS_IOMEM && !UML
> select TCG_TIS if TCG_TPM && X86
> - select TCG_IBMVTPM if TCG_TPM && PPC64
> + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote:
> On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
>
> warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
>
> I'm not sure why IMA needs to select those user-visible symbols, but if
> it must then the simplest fix is to just express the proper dependencies
> on the select.
On systems without a TPM, IMA goes into a "by-pass" mode, which stores
the measurements without extending the TPM PCR. On Power, there isn't a
HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On
Power running PowerKVM there isn't support for vTPM, yet. The Kconfig
needs to differentiate between the two.
> Signed-off-by: Michael Ellerman <[email protected]>
[CC'ing: Vicky(Lo, Hon Ching), Ashley Lai, George Wilson]
Sorry, I'm still waiting to hear back from the developers/testers.
Mimi
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
> Could someone please pick this up?
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index e099875643c5..b51668d04f9d 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -10,7 +10,7 @@ config IMA
> select CRYPTO_HASH_INFO
> select TCG_TPM if HAS_IOMEM && !UML
> select TCG_TIS if TCG_TPM && X86
> - select TCG_IBMVTPM if TCG_TPM && PPC64
> + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
On Wed, 2014-12-03 at 09:48 -0500, Mimi Zohar wrote:
> On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote:
> > On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
> >
> > warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> > tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
> >
> > I'm not sure why IMA needs to select those user-visible symbols, but if
> > it must then the simplest fix is to just express the proper dependencies
> > on the select.
>
> On systems without a TPM, IMA goes into a "by-pass" mode, which stores
> the measurements without extending the TPM PCR. On Power, there isn't a
> HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On
> Power running PowerKVM there isn't support for vTPM, yet. The Kconfig
> needs to differentiate between the two.
No it doesn't. We don't build different configs for guests on PowerVM vs
PowerKVM. The code needs to handle detecting the presence or absence of the
vTPM at runtime.
But none of that relates to this build fix AFAICS.
cheers