From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com,
linux-integrity@vger.kernel.org
Cc: dhowells@redhat.com, arnd@arndb.de, matthewgarrett@google.com,
sashal@kernel.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org
Subject: [PATCH] IMA: fix measuring early boot asymmetric keys
Date: Thu, 09 Jan 2020 17:50:46 +0000 [thread overview]
Message-ID: <20200109175046.4024-1-nramas@linux.microsoft.com> (raw)
As a result of the asymmetric public keys subtype being defined as a
tristate, with the existing IMA Makefile, ima_asymmetric_keys.c could
be built as a kernel module. To prevent this from happening,
an intermediate Kconfig boolean option named
IMA_MEASURE_ASYMMETRIC_KEYS has been defined.
This patch uses this new config CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
to declare the early boot key measurement functions.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reported-by: kbuild test robot <lkp@intel.com> # redefinition of
ima_init_key_queue() function.
Suggested-by: James.Bottomley <James.Bottomley@HansenPartnership.com>
Fixes: e164a1695a57 ("IMA: Define workqueue for early boot key measurements")
Fixes: 1df595b4e120 ("IMA: Defined timer to free queued keys")
---
security/integrity/ima/ima.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index c483215a9ee5..6bb3152b3e24 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -205,7 +205,7 @@ extern const char *const func_tokens[];
struct modsig;
-#ifdef CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
/*
* To track keys that need to be measured.
*/
@@ -220,7 +220,7 @@ void ima_init_key_queue(void);
#else
static inline void ima_process_queued_keys(void) {}
static inline void ima_init_key_queue(void) {}
-#endif /* CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */
+#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
/* LIM API function definitions */
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com,
linux-integrity@vger.kernel.org
Cc: dhowells@redhat.com, arnd@arndb.de, matthewgarrett@google.com,
sashal@kernel.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org
Subject: [PATCH] IMA: fix measuring early boot asymmetric keys
Date: Thu, 9 Jan 2020 09:50:46 -0800 [thread overview]
Message-ID: <20200109175046.4024-1-nramas@linux.microsoft.com> (raw)
As a result of the asymmetric public keys subtype being defined as a
tristate, with the existing IMA Makefile, ima_asymmetric_keys.c could
be built as a kernel module. To prevent this from happening,
an intermediate Kconfig boolean option named
IMA_MEASURE_ASYMMETRIC_KEYS has been defined.
This patch uses this new config CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
to declare the early boot key measurement functions.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reported-by: kbuild test robot <lkp@intel.com> # redefinition of
ima_init_key_queue() function.
Suggested-by: James.Bottomley <James.Bottomley@HansenPartnership.com>
Fixes: e164a1695a57 ("IMA: Define workqueue for early boot key measurements")
Fixes: 1df595b4e120 ("IMA: Defined timer to free queued keys")
---
security/integrity/ima/ima.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index c483215a9ee5..6bb3152b3e24 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -205,7 +205,7 @@ extern const char *const func_tokens[];
struct modsig;
-#ifdef CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
/*
* To track keys that need to be measured.
*/
@@ -220,7 +220,7 @@ void ima_init_key_queue(void);
#else
static inline void ima_process_queued_keys(void) {}
static inline void ima_init_key_queue(void) {}
-#endif /* CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */
+#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
/* LIM API function definitions */
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
--
2.17.1
next reply other threads:[~2020-01-09 17:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-09 17:50 Lakshmi Ramasubramanian [this message]
2020-01-09 17:50 ` [PATCH] IMA: fix measuring early boot asymmetric keys Lakshmi Ramasubramanian
2020-01-09 19:38 ` Mimi Zohar
2020-01-09 19:38 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200109175046.4024-1-nramas@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=arnd@arndb.de \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=sashal@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.