Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp14471img; Tue, 19 Mar 2019 14:25:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqwxYGHG2TLMQVPRZpzp/tqy+aaoSQMjEhOgc+1LTCiww2ZrQRJV4EVJVkjS7dRrCGzs6Lxk X-Received: by 2002:a63:cc15:: with SMTP id x21mr3879154pgf.380.1553030701099; Tue, 19 Mar 2019 14:25:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553030701; cv=none; d=google.com; s=arc-20160816; b=Zmdfvg3Klhj9T3jkE0OXf2jpZgx4gGu7B45IlCX4Z7V64wIz3Dtyx4iqgbpxjz1uCo tliv4tZ9R+G8UPGmw+nLwNeVlberWuHtN7sUbtblk6OAexP80mQFhGii2QlHtrAij9om fUROHmYg2CRMHr8U2vELTsruT8g6dQqMrdgN3OMDCGZdl/LAs0C+XtOoAxH6m8HvGFdv X0nrc/N0xGT30tTRcnCXIC62txQiwfTC9EHw+XxsoyBuEVEP89Sl08D5Rf4cj9UzpYBi 7h8mUSANEAWaVcVDBVBdTECeK6IWRPdz/JesZ7mhk3aCZAlnMKKigK6dpe8bdiLZi6ey xjNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=kWQ3vhfwHXfkcaJP6o/4GK1QQqtD6Zxo1tjyMAbIy9o=; b=N/gG4JxOvHkssLSUb4mQKRtGQo/zV4IGydVMXEPmBe092Ga1gzDNfvh2HgSyuJ+HKY EJGyRhjnyuSOWwtSYWz2uPCmsxq3SZtlOGDBA3128WvkHlwYGY6yHMXOZEUwK+EqDOIK j0Ly6DZxRl6w7Ypdh0U9xIlG7rfEszwW3X1KAwGVKMRGICuIiFVcRZSiHzicE6qyc4O5 BbipwoLsOicdkTGfpwoqUnNJ+askUBzBCYK/GQLxsHawjncIu4UsHd2mwvQ+BbMVhzv6 PEZdMAurFt+1yXhbegmOL6ywvTNzFYtzKilLnqTn3oa3HAlQOAmapIaCxHZpSG5Qpy4F N65A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=lJeUtQ+u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b4si2227pfj.16.2019.03.19.14.24.45; Tue, 19 Mar 2019 14:25:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=lJeUtQ+u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727389AbfCSVX0 (ORCPT + 99 others); Tue, 19 Mar 2019 17:23:26 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:46207 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726712AbfCSVXZ (ORCPT ); Tue, 19 Mar 2019 17:23:25 -0400 Received: by mail-ot1-f66.google.com with SMTP id c18so145071otl.13 for ; Tue, 19 Mar 2019 14:23:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kWQ3vhfwHXfkcaJP6o/4GK1QQqtD6Zxo1tjyMAbIy9o=; b=lJeUtQ+uwy3fSmM0iS35fhjhapm/C6bTPBslQomirVjFWzTl3/gk0yJ3gwEZuZnouK WK5k6+khlgIS3I3qoUzr7ggeUy4BooeZY9la5x2mkWhBRqYrGg69Spdok4gsQwslkcic eJ+QWg6YA1g709IAYJozlnk9iGGkqcWH2BfpmFKbgV3GgfuBYtyMy90hU8kDs86DxVvA Yx+/DbbvNMjPwoL8mdO000jiCzKl0vgMtvq7D+HE5E5kQVnYmrFRiCh4h/x2s8eCPTIS i/4vRlH+bY6QkaPPs52csZVrLjbDPopcQQqIcWXbiqMQ9Hiyr92bQVs9cltkPtQ9+iG3 Mizg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kWQ3vhfwHXfkcaJP6o/4GK1QQqtD6Zxo1tjyMAbIy9o=; b=pcWsJxcqptyIj29qIW+UmI7/Lh4xlC1pIzP3rTh+iXBtrJCttLnpDjOFlbvAUNdEc2 d296xhgzIlOEnrKoVw2+VYgGPMPQsf/8w3Oiy9IUPg+RBTvqh5YKRKc4c9p1r2FQjr5V jZTtdwTLhlzBJtC905TzfhBWoXdCgxsycx3qr0YE2wSDYudwVwPfp5RFGKV8xYv0dRzn y35unN1kHKIWFSMb8rrvmBmf2ntr25zn79R6dtLO6lNecHvd3a6sNK5PALvra8Tj2j+W u+E2c2vy08R0zy40nWm88e4rV0vuodXEBnJV2A9OO3+/6K5PC1/3RDu1W12BmiIQDmJg M5jQ== X-Gm-Message-State: APjAAAUGaKVKe+vDsxKhzA/M7lq7uH6a5nlgdA6XayZnWTvtgEWa3HYJ SKheyxhD8/dpyIz7MwXtYYWyjGbH+5yMx/E7qLl+7w== X-Received: by 2002:a05:6830:1c1:: with SMTP id r1mr3122166ota.229.1553030604327; Tue, 19 Mar 2019 14:23:24 -0700 (PDT) MIME-Version: 1.0 References: <155297557534.2276575.16264199708584900090.stgit@dwillia2-desk3.amr.corp.intel.com> <1553029714.2932.43.camel@linux.ibm.com> In-Reply-To: <1553029714.2932.43.camel@linux.ibm.com> From: Dan Williams Date: Tue, 19 Mar 2019 14:23:13 -0700 Message-ID: Subject: Re: [PATCH 0/6] security/keys/encrypted: Break module dependency chain To: James Bottomley Cc: keyrings@vger.kernel.org, Ira Weiny , Dave Jiang , Tyler Hicks , Keith Busch , Jarkko Sakkinen , David Howells , Vishal Verma , Mimi Zohar , linux-integrity@vger.kernel.org, ecryptfs@vger.kernel.org, Roberto Sassu , linux-nvdimm , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 19, 2019 at 2:09 PM James Bottomley wrote: > > On Tue, 2019-03-19 at 14:01 -0700, Dan Williams wrote: > > On Mon, Mar 18, 2019 at 11:18 PM Dan Williams > om> wrote: > > > > > > With v5.1-rc1 all the nvdimm sub-system regression tests started > > > failing because the libnvdimm module failed to load in the qemu-kvm > > > test environment. Critically that environment does not have a TPM. > > > Commit 240730437deb "KEYS: trusted: explicitly use tpm_chip > > > structure..." started to require a TPM to be present for the > > > trusted.ko module to load where there was no requirement for that > > > before. > > > > > > Rather than undo the "fail if no hardware" behavior James points > > > out that the module dependencies can be broken by looking up the > > > key-type by name. Remove the dependencies on the "key_type_trusted" > > > and "key_type_encrypted" symbol exports, and clean up other > > > boilerplate that supported those exports in different > > > configurations. > > > > Any feedback? Was hoping to get at least patch1 in the queue for > > v5.1-rc2 since this effectively disables the nvdimm driver on typical > > configurations. Jarkko, would you be willing to merge it since the > > regression came through your tree? > > The reason I sent out the RFC was to see if the people who actually > wrote the code had any reasons they needed the current way of doing > things preserving. > > I think your series looks fine except you need to export > key_type_lookup (patch 2) before you use it (patch 1) to preserve > bisectability of builds. Good catch, I fumbled that around. I'll respin and let 0day chew on it before sending out another version.