Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp657388pxb;
        Fri, 16 Apr 2021 15:03:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxXF9u8NHxe4RGSidYLx2RlBeK9mZ2D/uqKlWGM/55HtY98JRu363/Cg2U+n4yDGOoEJ34r
X-Received: by 2002:a17:906:5da:: with SMTP id t26mr9919930ejt.21.1618610587200;
        Fri, 16 Apr 2021 15:03:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1618610587; cv=none;
        d=google.com; s=arc-20160816;
        b=cXwMee7CLnzF1rvPG+qWvOxWbV+vXNsFsYzilagW3LDxJKfhzLeOS0bexV811Xri0c
         3X4PxC+ee74V81Af1k3Sb93k+mOOtr7nxzwlU9ILd0iaaJWzzfiop/z295mvUJtsqto2
         tJlHJUaqZnT1nTlw69NWu5Rs+94D/fNcnE09Wuvf3IoOyHDbGQVqgIaGE4LxsfpAXkUU
         /BUd/NlytzVo92fxlMRy/HsdifrLksOhsWhwks9SH+dyfqu51td/mWJ3NWcDsJW9xvYb
         EJNev3rMsxoKUuRMweSY4+IxAVtAnb2a14+IrKqI388uqQC0LjMwdrbRgS6eJuuITY3Y
         9Pbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:dkim-signature;
        bh=5JpOyi2btqDexH91tjXQOgOsvUakTgPwzwHL+y/0r+w=;
        b=Alakf9zxOpTxO+JMFkAZyLJzK0foNFcqbDBAmPIQ7/aVFzpPcBqHky465PjJ/k1+Yh
         dznqiQc12V3orese7kITwDNbADavTPVR6/Tvon34ivFZl/aQ41vxTGZfM5c+rG3pzWwH
         IoGCoSsypzwqur99/YVJj0pL2UMWJAmgr3HLLmnbXW1tSjZYDXGm5HxsXZX4hViar//k
         QtgstK6ShKhkCPNkCGgPQOU8boECIGytBaC74l+6OQ73LsCJz3YvsqoD1MFGM90OSHxq
         jGFrOfWDEAa681bIBujkA9ATPuxcBZNrc1uNl6T4Vz994FnNZTOiiD5uodfaakgDhGk8
         HkSw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=gnOA+R9L;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b12si5247787edd.19.2021.04.16.15.02.44;
        Fri, 16 Apr 2021 15:03:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=gnOA+R9L;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S245512AbhDPUdB (ORCPT <rfc822;lishoy@gmail.com> + 99 others);
        Fri, 16 Apr 2021 16:33:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39830 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S245017AbhDPUdA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Apr 2021 16:33:00 -0400
Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BAAC9C061574;
        Fri, 16 Apr 2021 13:32:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:Content-Type:
        In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender
        :Reply-To:Content-ID:Content-Description;
        bh=5JpOyi2btqDexH91tjXQOgOsvUakTgPwzwHL+y/0r+w=; b=gnOA+R9LoD3iBsz3nvsKcyYqNt
        zRjyXfTIagRzAzxD8dN6roXXW+9kAWTt1iQta3S3cAd1DGFMZdUmpv2lserftPVS61X4pKEWtkRlK
        VW1lk1GFZXiL0MP4F5rKnZ9uwR6mCnFAM5RrqxlqVcFoASuJ+4LKsaEEi0oorzRFABkRiQbzFTzKA
        49PemZEACFvqainzKYZP3a5Aw1xXbDsSpUes3hQ+iRjOjqn1lQo4FWn9zO6k+CusTna2/+Z0dMrCl
        YvWN5xLtzOSmgQkUxe0y6LdMCxewWR7ZQ1bwS7HMYk3C/UgcGDaDgy8nNZPPr81MtchBDrl2t8Aj4
        afL/PiCQ==;
Received: from c-73-157-219-8.hsd1.or.comcast.net ([73.157.219.8] helo=[10.0.0.253])
        by casper.infradead.org with esmtpsa (Exim 4.94 #2 (Red Hat Linux))
        id 1lXV8V-00APsR-GY; Fri, 16 Apr 2021 20:32:25 +0000
Subject: Re: linux-next: Tree for Apr 16 (IMA appraise causing build error)
To:     Nayna <nayna@linux.vnet.ibm.com>,
        Stephen Rothwell <sfr@canb.auug.org.au>,
        Linux Next Mailing List <linux-next@vger.kernel.org>
Cc:     Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
        Masahiro Yamada <masahiroy@kernel.org>
References: <20210416213625.14542675@canb.auug.org.au>
 <80839e94-f72c-4d2c-6b3a-b68beea72a27@infradead.org>
 <3b06deaa-2ec1-88cd-87aa-970b9fa4315a@linux.vnet.ibm.com>
From:   Randy Dunlap <rdunlap@infradead.org>
Message-ID: <8fbd9822-bc70-f103-ace9-22733b8475e5@infradead.org>
Date:   Fri, 16 Apr 2021 13:32:15 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <3b06deaa-2ec1-88cd-87aa-970b9fa4315a@linux.vnet.ibm.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On 4/16/21 1:25 PM, Nayna wrote:
> 
> On 4/16/21 2:53 PM, Randy Dunlap wrote:
>> On 4/16/21 4:36 AM, Stephen Rothwell wrote:
>>> Hi all,
>>>
>>> Changes since 20210415:
>>>
>> I noticed this build error message (on an i386 build):
>>
>> ../certs/Makefile:52: *** Could not determine digest type to use from kernel config.  Stop.
>>
>> and when I was checking on why it happened, I noticed that
>> # CONFIG_MODULES is not set
>>
>> and hence
>> ifndef CONFIG_MODULE_SIG_HASH
>> $(error Could not determine digest type to use from kernel config)
>> endif
>>
>> CONFIG_MODULE_SIG_HASH is not set/enabled/defined.
>>
>> However, the .config file does have
>> CONFIG_IMA_APPRAISE=y
>> # CONFIG_IMA_ARCH_POLICY is not set
>> # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
>> CONFIG_IMA_APPRAISE_BOOTPARAM=y
>> CONFIG_IMA_APPRAISE_MODSIG=y
>>
>> as well as
>> CONFIG_MODULE_SIG_FORMAT=y
>>
>> due to a "select" by IMA_APPRAISE_MODSIG.
>> (although I see that MODULE_SIG_FORMAT does not depend on MODULES)
>>
>>
>> Is there anything that you can do (or recommend) to prevent
>> the build error?
>>
>>
>>
>> BTW, it looks like this:
>> config IMA_APPRAISE_REQUIRE_MODULE_SIGS
>>     bool "Appraise kernel modules signatures"
>>     depends on IMA_APPRAISE_BUILD_POLICY
>>
>> could also depend on MODULES.
>>
>>
>>
>> Full i386 randconfig file is attached.
> 
> 
> With the new patchset "ima: kernel build support for loading the kernel module signing key", there shouldn't be a difference when generating the config file between MODULE_SIG and IMA_APPRAISE_MODSIG. Both prompt for the hash algorithm.

That patchset appears to be included in today's linux-next 2021-04-16.

> Can you please explain how you generate randconfig? Do you use make xconfig?

with the 'make randconfig' command.


-- 
~Randy