Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2433407ybl; Thu, 9 Jan 2020 12:41:00 -0800 (PST) X-Google-Smtp-Source: APXvYqzJLiRgrock9pgl8X5XdPfrmclK5/uCZdDsFToScpRKJJKFcOZ5CdBLu3+rQl2NT6onxmsF X-Received: by 2002:aca:b60a:: with SMTP id g10mr4498877oif.102.1578602460222; Thu, 09 Jan 2020 12:41:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578602460; cv=none; d=google.com; s=arc-20160816; b=JGRH0V3KMekEEezFEArCph++eD1CXOCLNVCt1/LMI9Tz+7p4g+XCtIMlRaI4hAi+Zq BrebhL8/g0/Ludm6A8GsEzQQHQVlILim8uLUBseAHu4+8e87xwxAPl2ysPnKGeGOEeg9 +O2rta/KObtIoznI5Jn7xjCwTzXzKZDPIMCsWKpOr+Zrny0u0WRydsY3vQU+XoDncYuA owG66rQfVVJzgrzecsmV0hY53jf10Jfv7SFXoJsXzeyMPnBnntwo53xJMF6LsY583d3u PrzC06MuM/6BMgQDw54rZRB6ZwwTtdWNOqdJKT7sPnBzfC+Ond7HcUmhui3LI7cB3Y67 d8AA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:dkim-filter; bh=cu2JveRyQuDPFRB2esVGRwjQJkbQO22sfT40nDoRZYU=; b=ezmmvBGBZSbp45frZSSpXKI7CYdXNSeacQYlzHu7erdWY24LVSEYSCO2Ulorln98Ao oMtFjfFBwqjQUc2usvZxC+rZcmFN2UMnNxZfNT5MVsGA02hctxy0uCV6bMgfKg7G0Qbx 51uqFCkUgqsQ88vu4j9hRKbBAVoTdA+3ruEKZlESmxpB2RTwmSZbnuFnBu8X+Ewnjsor aoeVqvv+ah9qnb5DBXdRvAsmWdMTqb0pvfwNso4E9YW/GZK3d52U/KFTttDx4c4xeVlD jGPLCvgFgyQVavUdorWgOf9uRNrfltLIQvs4F0HHy0/GyYHdzmXc7rTcWgpRcIdFnVwK iHWQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=nTeh8Vkr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8si5717009otc.118.2020.01.09.12.40.41; Thu, 09 Jan 2020 12:41:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=nTeh8Vkr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388276AbgAIRuv (ORCPT + 99 others); Thu, 9 Jan 2020 12:50:51 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36508 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728724AbgAIRuv (ORCPT ); Thu, 9 Jan 2020 12:50:51 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id 8DEDF2007679; Thu, 9 Jan 2020 09:50:50 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 8DEDF2007679 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1578592250; bh=cu2JveRyQuDPFRB2esVGRwjQJkbQO22sfT40nDoRZYU=; h=From:To:Cc:Subject:Date:From; b=nTeh8VkrEkVm/QzF3jvtCpMXBK7fCmy9Mp3wGWQwB1xdwwI/Aq2lmLu7o56vZtOkg 96UFm1ZHE/ZNLdwREKjAsrn3TxtHagf3g/asHM8jdwI24I1FtZ3Mm5mPH7TJMnHsMd MgU9mjSmW3xtvahE/H32fn6tRwD+DYzqAwTjDw7s= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com, linux-integrity@vger.kernel.org Cc: dhowells@redhat.com, arnd@arndb.de, matthewgarrett@google.com, sashal@kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Subject: [PATCH] IMA: fix measuring early boot asymmetric keys Date: Thu, 9 Jan 2020 09:50:46 -0800 Message-Id: <20200109175046.4024-1-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As a result of the asymmetric public keys subtype being defined as a tristate, with the existing IMA Makefile, ima_asymmetric_keys.c could be built as a kernel module. To prevent this from happening, an intermediate Kconfig boolean option named IMA_MEASURE_ASYMMETRIC_KEYS has been defined. This patch uses this new config CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS to declare the early boot key measurement functions. Signed-off-by: Lakshmi Ramasubramanian Reported-by: kbuild test robot # redefinition of ima_init_key_queue() function. Suggested-by: James.Bottomley Fixes: e164a1695a57 ("IMA: Define workqueue for early boot key measurements") Fixes: 1df595b4e120 ("IMA: Defined timer to free queued keys") --- security/integrity/ima/ima.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c483215a9ee5..6bb3152b3e24 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -205,7 +205,7 @@ extern const char *const func_tokens[]; struct modsig; -#ifdef CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE +#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS /* * To track keys that need to be measured. */ @@ -220,7 +220,7 @@ void ima_init_key_queue(void); #else static inline void ima_process_queued_keys(void) {} static inline void ima_init_key_queue(void) {} -#endif /* CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */ +#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */ /* LIM API function definitions */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, -- 2.17.1