2023-02-24 03:27:14

by Randy Dunlap

Subject: [PATCH] IMA: allow/fix UML builds

UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
NO_IOMEM).

Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):

ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
ld: security/integrity/ima/ima_init.o: in function `ima_init':
ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'

Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
is set, regardless of the UML Kconfig setting.
This updates TCG_TPM from =m to =y and fixes the linker errors.

Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
Signed-off-by: Randy Dunlap <[email protected]>
Cc: Mimi Zohar <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: [email protected]
Cc: Fabio Estevam <[email protected]>
Cc: Rajiv Andrade <[email protected]>
Cc: Richard Weinberger <[email protected]>
Cc: Anton Ivanov <[email protected]>
Cc: Johannes Berg <[email protected]>
Cc: [email protected]
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -8,7 +8,7 @@ config IMA
select CRYPTO_HMAC
select CRYPTO_SHA1
select CRYPTO_HASH_INFO
- select TCG_TPM if HAS_IOMEM && !UML
+ select TCG_TPM if HAS_IOMEM
select TCG_TIS if TCG_TPM && X86
select TCG_CRB if TCG_TPM && ACPI
select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
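
Review bot: the "&& !UML" term removed from the "select TCG_TPM if HAS_IOMEM" line only matters on trees where UML can have HAS_IOMEM set, which the changelog ties to 0bbadafdc49d, but the Fixes: tag names f4a0391dfa91 alone. Please record the later commit or the first affected release alongside the tag so that anyone backporting can tell which trees need this change.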


2023-03-13 00:16:09

by Randy Dunlap

Subject: Re: [PATCH] IMA: allow/fix UML builds

ping?

On 2/23/23 19:27, Randy Dunlap wrote:
> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
> NO_IOMEM).
>
> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>
> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
> ld: security/integrity/ima/ima_init.o: in function `ima_init':
> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>
> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
> is set, regardless of the UML Kconfig setting.
> This updates TCG_TPM from =m to =y and fixes the linker errors.
>
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
> Signed-off-by: Randy Dunlap <[email protected]>
> Cc: Mimi Zohar <[email protected]>
> Cc: Dmitry Kasatkin <[email protected]>
> Cc: [email protected]
> Cc: Fabio Estevam <[email protected]>
> Cc: Rajiv Andrade <[email protected]>
> Cc: Richard Weinberger <[email protected]>
> Cc: Anton Ivanov <[email protected]>
> Cc: Johannes Berg <[email protected]>
> Cc: [email protected]
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -8,7 +8,7 @@ config IMA
> select CRYPTO_HMAC
> select CRYPTO_SHA1
> select CRYPTO_HASH_INFO
> - select TCG_TPM if HAS_IOMEM && !UML
> + select TCG_TPM if HAS_IOMEM
> select TCG_TIS if TCG_TPM && X86
> select TCG_CRB if TCG_TPM && ACPI
> select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
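
Review bot: with "!UML" gone from "select TCG_TPM if HAS_IOMEM", the select raises TCG_TPM to the value of IMA on UML without consulting TCG_TPM's own "depends on" lines, and the changelog only reports the failing build, not a passing one. Stating that the same UML allmodconfig was rebuilt and linked with the patch applied, and that the unchanged "select TCG_TIS if TCG_TPM && X86" and "select TCG_CRB if TCG_TPM && ACPI" lines pull in nothing unbuildable there, would make the change easier to accept.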

--
~Randy

2023-03-14 18:29:27

by Mimi Zohar

Subject: Re: [PATCH] IMA: allow/fix UML builds

On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote:
> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
> NO_IOMEM).
>
> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>
> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
> ld: security/integrity/ima/ima_init.o: in function `ima_init':
> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>
> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
> is set, regardless of the UML Kconfig setting.
> This updates TCG_TPM from =m to =y and fixes the linker errors.
>
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
> Signed-off-by: Randy Dunlap <[email protected]>

Indicating this resolves a commit which was upstreamed in linux-3.4,
while the fix for that commit 0bbadafdc49d ("um: allow disabling
NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important
detail.

Is the proper way of indicating this disconnect by adding to the fixes
line the kernel?
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+

--
thanks,

Mimi



2023-03-14 21:23:42

by Randy Dunlap

Subject: Re: [PATCH] IMA: allow/fix UML builds



On 3/14/23 11:28, Mimi Zohar wrote:
> On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote:
>> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
>> NO_IOMEM).
>>
>> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>>
>> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
>> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
>> ld: security/integrity/ima/ima_init.o: in function `ima_init':
>> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
>> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
>> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
>> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>>
>> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
>> is set, regardless of the UML Kconfig setting.
>> This updates TCG_TPM from =m to =y and fixes the linker errors.
>>
>> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
>> Signed-off-by: Randy Dunlap <[email protected]>
>
> Indicating this resolves a commit which was upstreamed in linux-3.4,
> while the fix for that commit 0bbadafdc49d ("um: allow disabling
> NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important
> detail.
>
> Is the proper way of indicating this disconnect by adding to the fixes
> line the kernel?
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+

Yes, that is acceptable AFAIK. Also
Cc: [email protected]

or AUTOSEL would probably take care of this as it is.

--
~Randy
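
The build failure described in the patch's changelog, as an added example that is not part of the thread or of the kernel tree: a simplified Python model of the changed select line, showing why TCG_TPM stays at m with the "!UML" guard and rises to y without it. The sample config is constructed, and the model assumes IMA's select is the only lower bound on TCG_TPM and ignores TCG_TPM's own dependencies.

```python
# Added example: simplified model of the one select line the patch changes.
TRI = {"n": 0, "m": 1, "y": 2}   # Kconfig tristate ordering
NAMES = "nmy"

def parse_config(text):
    """Return {symbol: 'y'|'m'} from .config text; anything absent reads as n."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("CONFIG_") and "=" in line:
            key, val = line[len("CONFIG_"):].split("=", 1)
            if val in ("y", "m"):
                cfg[key] = val
    return cfg

def tcg_tpm_value(cfg, patched):
    """Effective TCG_TPM after IMA's select is applied to the user's choice."""
    def get(sym):
        return TRI[cfg.get(sym, "n")]
    cond = get("HAS_IOMEM")
    if not patched:
        # Old guard "HAS_IOMEM && !UML": tristate && is min, !x is 2 - x.
        cond = min(cond, 2 - get("UML"))
    # select raises the target to at least (selecting symbol && condition).
    floor = min(get("IMA"), cond)
    return NAMES[max(get("TCG_TPM"), floor)]

def link_breaks(cfg, patched):
    """True when built-in IMA would call tpm_* symbols that live in a module."""
    return cfg.get("IMA") == "y" and tcg_tpm_value(cfg, patched) == "m"

# Constructed sample: the four relevant lines of a UML allmodconfig as the
# changelog describes it (not copied from a real build).
UML_ALLMODCONFIG = """\
CONFIG_UML=y
CONFIG_HAS_IOMEM=y
CONFIG_IMA=y
CONFIG_TCG_TPM=m
"""

if __name__ == "__main__":
    cfg = parse_config(UML_ALLMODCONFIG)
    for patched in (False, True):
        label = "patched" if patched else "unpatched"
        print(label, "TCG_TPM=" + tcg_tpm_value(cfg, patched),
              "link breaks:", link_breaks(cfg, patched))
```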