| Message ID | 20200107203041.843060-1-arnd@arndb.de (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | ima: make ASYMMETRIC_PUBLIC_KEY_SUBTYPE 'bool' | expand |
On Tue, 2020-01-07 at 21:30 +0100, Arnd Bergmann wrote: > The asymmetric key subtype is only used by the key subsystem that > cannot itself be a loadable module, so when > ASYMMETRIC_PUBLIC_KEY_SUBTYPE is set to =m, it just does not get > used. It also produces a compile-time > warning: > > WARNING: modpost: missing MODULE_LICENSE() in > security/integrity/ima/ima_asymmetric_keys.o > > Make this a 'bool' symbol to avoid both problems. > > Fixes: 88e70da170e8 ("IMA: Define an IMA hook to measure keys") > Signed-off-by: Arnd Bergmann <arnd@arndb.de> > --- > crypto/asymmetric_keys/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/asymmetric_keys/Kconfig > b/crypto/asymmetric_keys/Kconfig > index 1f1f004dc757..f2846293e4d5 100644 > --- a/crypto/asymmetric_keys/Kconfig > +++ b/crypto/asymmetric_keys/Kconfig > @@ -11,7 +11,7 @@ menuconfig ASYMMETRIC_KEY_TYPE > if ASYMMETRIC_KEY_TYPE > > config ASYMMETRIC_PUBLIC_KEY_SUBTYPE > - tristate "Asymmetric public-key crypto algorithm subtype" > + bool "Asymmetric public-key crypto algorithm subtype" I believe the crypto guys do like stuff to be modular. However, we've already implemented this solution: https://lore.kernel.org/linux-integrity/20200107194350.3782-2-nramas@linux.microsoft.com/ To solve the problem via an intermediate boolean config variable. James
On Tue, Jan 7, 2020 at 10:01 PM James Bottomley <James.Bottomley@hansenpartnership.com> wrote: > > On Tue, 2020-01-07 at 21:30 +0100, Arnd Bergmann wrote: > > config ASYMMETRIC_PUBLIC_KEY_SUBTYPE > > - tristate "Asymmetric public-key crypto algorithm subtype" > > + bool "Asymmetric public-key crypto algorithm subtype" > > I believe the crypto guys do like stuff to be modular. > > However, we've already implemented this solution: > > https://lore.kernel.org/linux-integrity/20200107194350.3782-2-nramas@linux.microsoft.com/ > > To solve the problem via an intermediate boolean config variable. Ok, that looks good to me. Arnd
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index 1f1f004dc757..f2846293e4d5 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -11,7 +11,7 @@ menuconfig ASYMMETRIC_KEY_TYPE if ASYMMETRIC_KEY_TYPE config ASYMMETRIC_PUBLIC_KEY_SUBTYPE - tristate "Asymmetric public-key crypto algorithm subtype" + bool "Asymmetric public-key crypto algorithm subtype" select MPILIB select CRYPTO_HASH_INFO select CRYPTO_AKCIPHER
The asymmetric key subtype is only used by the key subsystem that cannot itself be a loadable module, so when ASYMMETRIC_PUBLIC_KEY_SUBTYPE is set to =m, it just does not get used. It also produces a compile-time warning: WARNING: modpost: missing MODULE_LICENSE() in security/integrity/ima/ima_asymmetric_keys.o Make this a 'bool' symbol to avoid both problems. Fixes: 88e70da170e8 ("IMA: Define an IMA hook to measure keys") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- crypto/asymmetric_keys/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)