lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Jul 2021 06:04:33 +0300 From: Jarkko Sakkinen <jarkko@...nel.org> To: Ahmad Fatoum <a.fatoum@...gutronix.de> Cc: James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, James Bottomley <jejb@...ux.ibm.com>, Mimi Zohar <zohar@...ux.ibm.com>, Sumit Garg <sumit.garg@...aro.org>, David Howells <dhowells@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, kernel@...gutronix.de, Andreas Rammhold <andreas@...mhold.de>, David Gstir <david@...ma-star.at>, Richard Weinberger <richard@....at>, keyrings@...r.kernel.org, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-integrity@...r.kernel.org Subject: Re: [PATCH v2] KEYS: trusted: fix use as module when CONFIG_TCG_TPM=m On Wed, Jul 21, 2021 at 06:02:59PM +0200, Ahmad Fatoum wrote: > Since commit 5d0682be3189 ("KEYS: trusted: Add generic trusted keys > framework"), trusted.ko built with CONFIG_TCG_TPM=CONFIG_TRUSTED_KEYS=m > will not register the TPM trusted key type at runtime. > > This is because, after that rework, CONFIG_DEPENDENCY of the TPM > and TEE backends were checked with #ifdef, but that's only true > when they're built-in. > > Fix this by introducing two new boolean Kconfig symbols: > TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriate > dependencies and use them to check which backends are available. > > This also has a positive effect on user experience: > > - It's now possible to use TEE trusted keys without CONFIG_TCG_TPM > - It's now possible to enable CONFIG_TCG_TPM, but exclude TPM from > available trust sources > - TEE=m && TRUSTED_KEYS=y no longer leads to TEE support > being silently dropped > > Any code depending on the TPM trusted key backend or symbols exported > by it will now need to explicitly state that it > > depends on TRUSTED_KEYS && TRUSTED_KEYS_TPM > > The latter to ensure the dependency is built and the former to ensure > it's reachable for module builds. This currently only affects > CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE, so it's fixed up here as well. > > Reported-by: Andreas Rammhold <andreas@...mhold.de> > Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework") > Signed-off-by: Ahmad Fatoum <a.fatoum@...gutronix.de> Is it absolutely need to do all this *just* to fix the bug? For a pure bug fix the most essential thing is to be able the backport it to stable kernels. I don't really care at all about extra niceties ("it's now possible stuff). This looks like a bug fix and improvements bundle into a single patch. /Jarkko
Powered by blists - more mailing lists