From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Randy Dunlap <rdunlap@xenotime.net>
Cc: Arnaud Lacombe <lacombar@gmail.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Mimi Zohar <zohar@us.ibm.com>,
linux-next@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
linux-kbuild@vger.kernel.org
Subject: Re: linux-next: Tree for Aug 22 (evm)
Date: Mon, 22 Aug 2011 22:09:18 -0400 [thread overview]
Message-ID: <1314065358.3225.44.camel@localhost.localdomain> (raw)
In-Reply-To: <20110822174958.73dd96c7.rdunlap@xenotime.net>
On Mon, 2011-08-22 at 17:49 -0700, Randy Dunlap wrote:
> On Mon, 22 Aug 2011 20:47:00 -0400 Arnaud Lacombe wrote:
>
> > Hi,
> >
> > On Mon, Aug 22, 2011 at 3:53 PM, Randy Dunlap <rdunlap@xenotime.net> wrote:
> > > On Mon, 22 Aug 2011 14:53:04 +1000 Stephen Rothwell wrote:
> > >
> > >> Hi all,
> > >>
> > >> [The kernel.org mirroring is a bit low today]
> > >
> > > (on x86_64:)
> > >
> > > When CONFIG_EVM=y, CONFIG_CRYPTO_HASH2=m, CONFIG_TRUSTED_KEYS=m,
> > > CONFIG_ENCRYPTED_KEYS=m, the build fails with:
> > >
> > You did not provide the value of CONFIG_TCG_TPM, I'll assume it was
> > 'm'. That said, correct me if I'm wrong, but we currently have:
>
> Yes, it was 'm'.
>
> > menuconfig TCG_TPM
> > tristate "TPM Hardware Support"
> >
> > [...]
> >
> > config EVM
> > boolean "EVM support"
> > depends on SECURITY && KEYS && TCG_TPM
> >
> > which seems terribly broken to me... How can you have a built-in
> > feature, which depends on another potentially-not-built-in feature ?
>
> Yup.
Easy, different use cases. The TPM has been around and used for a while,
not requiring it to be built-in. EVM, a new use case, requires it to be
built-in.
> > If you change EVM to 'tristate', you will see that you are not allowed
> > to make it built-in if TCG_TPM is not built-in.
>
> Right.
The TPM, crypto, trusted and encrypted keys are tristate. Like the
LSMs, EVM is boolean, which when selected using 'make xconfig', converts
the tristates to built-in. The tristate/boolean mismatches aren't
corrected, when .config is edited directly.
Mimi
> > - Arnaud
> >
> > > (.text+0x378aa): undefined reference to `key_type_encrypted'
> > > evm_crypto.c:(.text+0x37992): undefined reference to `crypto_alloc_shash'
> > > evm_crypto.c:(.text+0x37a24): undefined reference to `crypto_shash_setkey'
> > > evm_crypto.c:(.text+0x37ad9): undefined reference to `crypto_shash_update'
> > > evm_crypto.c:(.text+0x37aeb): undefined reference to `crypto_shash_final'
> > > (.text+0x37b4b): undefined reference to `crypto_shash_update'
> > > (.text+0x37c61): undefined reference to `crypto_shash_update'
> > > (.text+0x37cb9): undefined reference to `crypto_shash_update'
> > >
> > > even though EVM (Kconfig) selects ENCRYPTED_KEYS and TRUSTED_KEYS..
> > > and even after I add "select CRYPTO_HASH2".
> > >
> > > Is this because EVM is bool and kconfig is confused about 'select's
> > > when a bool is selecting tristates? Shouldn't the tristates become
> > > 'y' instead of 'm' if they are selected by a bool that is 'y'?
> > >
> > >
> > > xconfig shows these symbol values:
> > >
> > > Symbol: EVM [=y]
> > > Type : boolean
> > > Prompt: EVM support
> > > Defined at security/integrity/evm/Kconfig:1
> > > Depends on: SECURITY [=y] && KEYS [=y] && TCG_TPM [=m]
> > > Location:
> > > -> Security options
> > > Selects: CRYPTO_HMAC [=m] && CRYPTO_MD5 [=m] && CRYPTO_SHA1 [=m] && CRYPTO_HASH2 [=m] && ENCRYPTED_KEYS [=m] && TRUSTED_KEYS [=m]
> > >
> > >
> > > Hm, changing TCG_TPM to =y also changes TRUSTED_KEYS and ENCRYPTED_KEYS and
> > > lots of CRYPTO_ symbols from =m to =y. There must be some kind of min/max
> > > symbol checking that is confused?
> > >
> > there is definitively an underlying min/max, but I would not point
> > finger too fast.
>
>
> Thanks for your help.
>
> ---
> ~Randy
> *** Remember to use Documentation/SubmitChecklist when testing your code ***
next prev parent reply other threads:[~2011-08-23 2:09 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-22 4:53 linux-next: Tree for Aug 22 Stephen Rothwell
2011-08-22 16:10 ` linux-next: Tree for Aug 22 (drivers/power/pda_power.c) Randy Dunlap
2011-08-22 18:13 ` [PATCH -next] staging: fix comedi build when COMEDI_PCI is not enabled Randy Dunlap
2011-08-23 18:58 ` Greg KH
2011-08-23 20:03 ` Randy Dunlap
2011-08-22 18:30 ` [PATCH -next] power_supply: fix sysfs format warning Randy Dunlap
2011-08-23 13:27 ` Anton Vorontsov
2011-08-22 19:53 ` linux-next: Tree for Aug 22 (evm) Randy Dunlap
2011-08-22 20:18 ` Arnaud Lacombe
2011-08-23 0:47 ` Arnaud Lacombe
2011-08-23 0:49 ` Randy Dunlap
2011-08-23 2:09 ` Mimi Zohar [this message]
2011-08-23 2:24 ` Arnaud Lacombe
2011-08-24 2:07 ` Mimi Zohar
2011-08-23 2:32 ` Arnaud Lacombe
2011-08-23 23:40 ` Randy Dunlap
2011-08-24 2:10 ` Arnaud Lacombe
2011-08-26 12:39 ` Mimi Zohar
2011-08-26 17:00 ` Randy Dunlap
2011-08-27 6:06 ` Arnaud Lacombe
2011-09-02 0:32 ` Arnaud Lacombe
2011-09-02 1:40 ` Mimi Zohar
2011-09-02 2:21 ` Arnaud Lacombe
2011-09-02 15:01 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1314065358.3225.44.camel@localhost.localdomain \
--to=zohar@linux.vnet.ibm.com \
--cc=lacombar@gmail.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=sfr@canb.auug.org.au \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox