IMA: fix measuring early boot asymmetric keys

Message ID	20200109175046.4024-1-nramas@linux.microsoft.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=CBHD=26=vger.kernel.org=linux-integrity-owner@kernel.org> From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com, linux-integrity@vger.kernel.org Cc: dhowells@redhat.com, arnd@arndb.de, matthewgarrett@google.com, sashal@kernel.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Subject: [PATCH] IMA: fix measuring early boot asymmetric keys Date: Thu, 9 Jan 2020 09:50:46 -0800 Message-Id: <20200109175046.4024-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk
Series	IMA: fix measuring early boot asymmetric keys \| expand IMA: fix measuring early boot asymmetric keys

Message ID

20200109175046.4024-1-nramas@linux.microsoft.com (mailing list archive)

State

New, archived

Headers

From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, James.Bottomley@HansenPartnership.com,
        linux-integrity@vger.kernel.org
Cc: dhowells@redhat.com, arnd@arndb.de, matthewgarrett@google.com,
        sashal@kernel.org, linux-kernel@vger.kernel.org,
        keyrings@vger.kernel.org
Subject: [PATCH] IMA: fix measuring early boot asymmetric keys
Date: Thu,  9 Jan 2020 09:50:46 -0800
Message-Id: <20200109175046.4024-1-nramas@linux.microsoft.com>
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk

Series

IMA: fix measuring early boot asymmetric keys | expand

Commit Message

Lakshmi Ramasubramanian Jan. 9, 2020, 5:50 p.m. UTC

As a result of the asymmetric public keys subtype being defined as a
tristate, with the existing IMA Makefile, ima_asymmetric_keys.c could
be built as a kernel module. To prevent this from happening,
an intermediate Kconfig boolean option named
IMA_MEASURE_ASYMMETRIC_KEYS has been defined.

This patch uses this new config CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
to declare the early boot key measurement functions.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reported-by: kbuild test robot <lkp@intel.com> # redefinition of
ima_init_key_queue() function.
Suggested-by: James.Bottomley <James.Bottomley@HansenPartnership.com>
Fixes: e164a1695a57 ("IMA: Define workqueue for early boot key measurements")
Fixes: 1df595b4e120 ("IMA: Defined timer to free queued keys")
---
 security/integrity/ima/ima.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Mimi Zohar Jan. 9, 2020, 7:38 p.m. UTC | #1

On Thu, 2020-01-09 at 09:50 -0800, Lakshmi Ramasubramanian wrote:

> This patch uses this new config CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
> to declare the early boot key measurement functions.

Thanks!  I've squashed this patch with "4217fbe396c4 IMA: Define
workqueue for early boot key measurements".

Mimi

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index c483215a9ee5..6bb3152b3e24 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -205,7 +205,7 @@  extern const char *const func_tokens[];
 
 struct modsig;
 
-#ifdef CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS
 /*
  * To track keys that need to be measured.
  */
@@ -220,7 +220,7 @@  void ima_init_key_queue(void);
 #else
 static inline void ima_process_queued_keys(void) {}
 static inline void ima_init_key_queue(void) {}
-#endif /* CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE */
+#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */
 
 /* LIM API function definitions */
 int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,

IMA: fix measuring early boot asymmetric keys

Commit Message

Comments

Patch