* [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
@ 2014-12-03 6:04 Michael Ellerman
2014-12-03 13:08 ` Dmitry Kasatkin
2014-12-03 14:48 ` Mimi Zohar
0 siblings, 2 replies; 4+ messages in thread
From: Michael Ellerman @ 2014-12-03 6:04 UTC (permalink / raw)
To: linux-kernel
Cc: zohar, d.kasatkin, james.l.morris, serge, linux-ima-devel,
linux-security-module
On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
I'm not sure why IMA needs to select those user-visible symbols, but if
it must then the simplest fix is to just express the proper dependencies
on the select.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Could someone please pick this up?
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index e099875643c5..b51668d04f9d 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -10,7 +10,7 @@ config IMA
select CRYPTO_HASH_INFO
select TCG_TPM if HAS_IOMEM && !UML
select TCG_TIS if TCG_TPM && X86
- select TCG_IBMVTPM if TCG_TPM && PPC64
+ select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
help
The Trusted Computing Group(TCG) runtime Integrity
Measurement Architecture(IMA) maintains a list of hash
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
2014-12-03 6:04 [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met Michael Ellerman
@ 2014-12-03 13:08 ` Dmitry Kasatkin
2014-12-03 14:48 ` Mimi Zohar
1 sibling, 0 replies; 4+ messages in thread
From: Dmitry Kasatkin @ 2014-12-03 13:08 UTC (permalink / raw)
To: Michael Ellerman, linux-kernel
Cc: zohar, james.l.morris, serge, linux-ima-devel, linux-security-module
Hello,
Yes, we will pick it up.
Thanks,
Dmitry
On 03/12/14 08:04, Michael Ellerman wrote:
> On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
>
> warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
>
> I'm not sure why IMA needs to select those user-visible symbols, but if
> it must then the simplest fix is to just express the proper dependencies
> on the select.
>
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
> Could someone please pick this up?
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index e099875643c5..b51668d04f9d 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -10,7 +10,7 @@ config IMA
> select CRYPTO_HASH_INFO
> select TCG_TPM if HAS_IOMEM && !UML
> select TCG_TIS if TCG_TPM && X86
> - select TCG_IBMVTPM if TCG_TPM && PPC64
> + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
2014-12-03 6:04 [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met Michael Ellerman
2014-12-03 13:08 ` Dmitry Kasatkin
@ 2014-12-03 14:48 ` Mimi Zohar
2014-12-04 0:13 ` Michael Ellerman
1 sibling, 1 reply; 4+ messages in thread
From: Mimi Zohar @ 2014-12-03 14:48 UTC (permalink / raw)
To: Michael Ellerman
Cc: linux-kernel, d.kasatkin, james.l.morris, serge, linux-ima-devel,
linux-security-module, Lo Hon Ching, Ashley Lai, George Wilson
On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote:
> On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
>
> warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
>
> I'm not sure why IMA needs to select those user-visible symbols, but if
> it must then the simplest fix is to just express the proper dependencies
> on the select.
On systems without a TPM, IMA goes into a "by-pass" mode, which stores
the measurements without extending the TPM PCR. On Power, there isn't a
HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On
Power running PowerKVM there isn't support for vTPM, yet. The Kconfig
needs to differentiate between the two.
> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
[CC'ing: Vicky(Lo, Hon Ching), Ashley Lai, George Wilson]
Sorry, I'm still waiting to hear back from the developers/testers.
Mimi
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
> Could someone please pick this up?
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index e099875643c5..b51668d04f9d 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -10,7 +10,7 @@ config IMA
> select CRYPTO_HASH_INFO
> select TCG_TPM if HAS_IOMEM && !UML
> select TCG_TIS if TCG_TPM && X86
> - select TCG_IBMVTPM if TCG_TPM && PPC64
> + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
2014-12-03 14:48 ` Mimi Zohar
@ 2014-12-04 0:13 ` Michael Ellerman
0 siblings, 0 replies; 4+ messages in thread
From: Michael Ellerman @ 2014-12-04 0:13 UTC (permalink / raw)
To: Mimi Zohar
Cc: linux-kernel, d.kasatkin, james.l.morris, serge, linux-ima-devel,
linux-security-module, Lo Hon Ching, Ashley Lai, George Wilson
On Wed, 2014-12-03 at 09:48 -0500, Mimi Zohar wrote:
> On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote:
> > On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
> >
> > warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES)
> > tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets'
> >
> > I'm not sure why IMA needs to select those user-visible symbols, but if
> > it must then the simplest fix is to just express the proper dependencies
> > on the select.
>
> On systems without a TPM, IMA goes into a "by-pass" mode, which stores
> the measurements without extending the TPM PCR. On Power, there isn't a
> HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On
> Power running PowerKVM there isn't support for vTPM, yet. The Kconfig
> needs to differentiate between the two.
No it doesn't. We don't build different configs for guests on PowerVM vs
PowerKVM. The code needs to handle detecting the presence or absence of the
vTPM at runtime.
But none of that relates to this build fix AFAICS.
cheers
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-12-04 0:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-03 6:04 [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met Michael Ellerman
2014-12-03 13:08 ` Dmitry Kasatkin
2014-12-03 14:48 ` Mimi Zohar
2014-12-04 0:13 ` Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.