From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nick Desaulniers Date: Tue, 22 Sep 2020 19:14:08 +0000 Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit List-Id: References: <20200920163351.11293-5-James.Bottomley@HansenPartnership.com> <202009210844.KCwzdqmx%lkp@intel.com> <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com> In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com> To: James Bottomley , Masahiro Yamada , Philip Li Cc: kernel test robot , linux-integrity@vger.kernel.org, kbuild-all@lists.01.org, clang-built-linux , Mimi Zohar , Jarkko Sakkinen , David Woodhouse , keyrings@vger.kernel.org, David Howells , Arnd Bergmann On Mon, Sep 21, 2020 at 2:31 PM James Bottomley wrote: > > On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote: > > Hi James, > > > > I love your patch! Yet something to improve: > > > > [auto build test ERROR on integrity/next-integrity] > > [also build test ERROR on linus/master v5.9-rc5 next-20200918] > > [cannot apply to security/next-testing dhowells-fs/fscache-next] > > [If your patch is applied to the wrong git tree, kindly drop us a > > note. And when submitting patch, we suggest to use '--base' as > > documented in https://git-scm.com/docs/git-format-patch] > > > > url: > > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200921-003922 > > base: > > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > > next-integrity > > config: x86_64-randconfig-a003-20200921 (attached as .config) > > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project > > f4e554180962aa6bc93678898b6933ea712bde50) > > reproduce (this is a W=1 build): > > wget > > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross > > -O ~/bin/make.cross > > chmod +x ~/bin/make.cross > > # install x86_64 cross compiling tool for clang build > > # apt-get install binutils-x86-64-linux-gnu > > # save the attached .config to linux build tree > > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross > > ARCH=x86_64 > > > > If you fix the issue, kindly add following tag as appropriate > > Reported-by: kernel test robot > > > > All errors (new ones prefixed by >>): > > > > > > make[4]: *** No rule to make target 'security/keys/trusted- > > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted- > > > > keys/built-in.a'. > > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted- > > keys/trusted_tpm2.o] Error 1 > > make[4]: Target '__build' not remade because of errors. > > > So can I still add that tracking this down involved installing an > entirely unnecessary ARM build environment, which was a huge effort I > didn't need to do if you'd just provided the build log which fingered > the ASN.1 compiler problem if you know what to look for. Having a link to the build log artifact is a valid criticism. > > The reason for the problem is because ASN1 isn't selected in the > Kconfig which causes the ASN.1 compiler not to be built. The way our > current build rules are structured causes the make rule for this simply > to be skipped, which means you have to know to look for the absence of > ASN.1 in the build log. I propose adding this to the build rules, > which produces the much more explicit: > > /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 must be defined for the asn1_compiler. Stop. > make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: security/keys/trusted-keys] Error 2 > > James > > --- > > diff --git a/scripts/Makefile.build b/scripts/Makefile.build > index a467b9323442..bca7003beac8 100644 > --- a/scripts/Makefile.build > +++ b/scripts/Makefile.build > @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler = ASN.1 $(basename $@).[ch] > cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \ > $(basename $@).c $(basename $@).h > > +ifndef CONFIG_ASN1 > +$(objtree)/scripts/asn1_compiler: > + $(error CONFIG_ASN1 must be defined for the asn1_compiler) > +endif > + > $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler > $(call cmd,asn1_compiler) Is there a better way via Kconfig to gate whatever consumes CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for randconfig builds? I don't see how the diff would solve the case of CI systems doing randconfig builds. -- Thanks, ~Nick Desaulniers From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91213C4363D for ; Tue, 22 Sep 2020 19:14:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4A6862068D for ; Tue, 22 Sep 2020 19:14:21 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="c2pAKhYM" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726608AbgIVTOV (ORCPT ); Tue, 22 Sep 2020 15:14:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53262 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726573AbgIVTOU (ORCPT ); Tue, 22 Sep 2020 15:14:20 -0400 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C029CC061755 for ; Tue, 22 Sep 2020 12:14:20 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id k8so13364841pfk.2 for ; Tue, 22 Sep 2020 12:14:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ny/WX3SoGi3xA0aasg0y+S/O8JpZEz3cKfWCtfobAKg=; b=c2pAKhYMfHPIvLNmZSQq/lUseuE2S6srkxcNVjAWRA3EAQyE4atTSXfXTAbReYVors he2fThmMzezK+5ylnM4BuEvfPS+ZwQPjTGE1yvWgaNuD05j3do76CeSkQ+Rpg2tuw1UN F/ZFOx4It1hffjBmBfcD50MY70vFFuJpw2pWKgKQxYW/Q1Vplj5tmNSkfsVlP5N2TiOU 4Tgoh6BrW0B776Okcdeqz1M/yTpT4dai4ajcRs3Aj2PzIwQPpsigrQ7+Ionx0QCoSd3U 480ZUxP7FwKS1MaQzO2nuUdnc/3wjZQXMHg2NXyuzKQWpCPMYdrjl6DIjVVAaTGyKCbl dW8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ny/WX3SoGi3xA0aasg0y+S/O8JpZEz3cKfWCtfobAKg=; b=C4yX891oFFsCHYzgKBJpSRax4emLcwwep8HezsI9wlv7+uRWPrAXJ4fX86zLf4550Q JLbhfZ4On4IfYcyZdYrCM4RpO+NVAnY3sw7eEC+CwHLk03VWXSUQQzESDPRBBzfwSHAr ji91KJ/Ygv41udEEUmDAF3jF1sKpAbodhjs9Ztam6raVoWm2nDjtF39MpIy02NfVuesv dN69z+UbWqZjgHIUnb/CbziPC/Eq2Eg11zMwNNMlepd4+x0LcrTs62vpkcNB4WEF1Whl tJ+nl1ne/KENafrIqlRpiygrTABzuYHDUeBLcJM/gIMdDkoiY8AcA2hCzvKqOm86uPNv TcgA== X-Gm-Message-State: AOAM532gyWUIA2bwWP2jrfKQsUgN5/b3SlXhghf4Z+0NWksuRKLjTfxo GEJou9CCuozNSAZZZEadMh2uvShqj6wIQkyNe+eL1Ag6Rs7sVg== X-Google-Smtp-Source: ABdhPJx4+wQxUK2XmbPbZBrNY6pjvXyGq/eRBNGPwDxkBquhF1pENXesdgLF3QEPdD09v5Qog83AWah/9qGR004BUz0= X-Received: by 2002:a65:554a:: with SMTP id t10mr4839340pgr.263.1600802060042; Tue, 22 Sep 2020 12:14:20 -0700 (PDT) MIME-Version: 1.0 References: <20200920163351.11293-5-James.Bottomley@HansenPartnership.com> <202009210844.KCwzdqmx%lkp@intel.com> <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com> In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com> From: Nick Desaulniers Date: Tue, 22 Sep 2020 12:14:08 -0700 Message-ID: Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs To: James Bottomley , Masahiro Yamada , Philip Li Cc: kernel test robot , linux-integrity@vger.kernel.org, kbuild-all@lists.01.org, clang-built-linux , Mimi Zohar , Jarkko Sakkinen , David Woodhouse , keyrings@vger.kernel.org, David Howells , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On Mon, Sep 21, 2020 at 2:31 PM James Bottomley wrote: > > On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote: > > Hi James, > > > > I love your patch! Yet something to improve: > > > > [auto build test ERROR on integrity/next-integrity] > > [also build test ERROR on linus/master v5.9-rc5 next-20200918] > > [cannot apply to security/next-testing dhowells-fs/fscache-next] > > [If your patch is applied to the wrong git tree, kindly drop us a > > note. And when submitting patch, we suggest to use '--base' as > > documented in https://git-scm.com/docs/git-format-patch] > > > > url: > > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200921-003922 > > base: > > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > > next-integrity > > config: x86_64-randconfig-a003-20200921 (attached as .config) > > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project > > f4e554180962aa6bc93678898b6933ea712bde50) > > reproduce (this is a W=1 build): > > wget > > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross > > -O ~/bin/make.cross > > chmod +x ~/bin/make.cross > > # install x86_64 cross compiling tool for clang build > > # apt-get install binutils-x86-64-linux-gnu > > # save the attached .config to linux build tree > > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross > > ARCH=x86_64 > > > > If you fix the issue, kindly add following tag as appropriate > > Reported-by: kernel test robot > > > > All errors (new ones prefixed by >>): > > > > > > make[4]: *** No rule to make target 'security/keys/trusted- > > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted- > > > > keys/built-in.a'. > > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted- > > keys/trusted_tpm2.o] Error 1 > > make[4]: Target '__build' not remade because of errors. > > > So can I still add that tracking this down involved installing an > entirely unnecessary ARM build environment, which was a huge effort I > didn't need to do if you'd just provided the build log which fingered > the ASN.1 compiler problem if you know what to look for. Having a link to the build log artifact is a valid criticism. > > The reason for the problem is because ASN1 isn't selected in the > Kconfig which causes the ASN.1 compiler not to be built. The way our > current build rules are structured causes the make rule for this simply > to be skipped, which means you have to know to look for the absence of > ASN.1 in the build log. I propose adding this to the build rules, > which produces the much more explicit: > > /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 must be defined for the asn1_compiler. Stop. > make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: security/keys/trusted-keys] Error 2 > > James > > --- > > diff --git a/scripts/Makefile.build b/scripts/Makefile.build > index a467b9323442..bca7003beac8 100644 > --- a/scripts/Makefile.build > +++ b/scripts/Makefile.build > @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler = ASN.1 $(basename $@).[ch] > cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \ > $(basename $@).c $(basename $@).h > > +ifndef CONFIG_ASN1 > +$(objtree)/scripts/asn1_compiler: > + $(error CONFIG_ASN1 must be defined for the asn1_compiler) > +endif > + > $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler > $(call cmd,asn1_compiler) Is there a better way via Kconfig to gate whatever consumes CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for randconfig builds? I don't see how the diff would solve the case of CI systems doing randconfig builds. -- Thanks, ~Nick Desaulniers From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============5322578406072086792==" MIME-Version: 1.0 From: Nick Desaulniers To: kbuild-all@lists.01.org Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs Date: Tue, 22 Sep 2020 12:14:08 -0700 Message-ID: In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com> List-Id: --===============5322578406072086792== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On Mon, Sep 21, 2020 at 2:31 PM James Bottomley wrote: > > On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote: > > Hi James, > > > > I love your patch! Yet something to improve: > > > > [auto build test ERROR on integrity/next-integrity] > > [also build test ERROR on linus/master v5.9-rc5 next-20200918] > > [cannot apply to security/next-testing dhowells-fs/fscache-next] > > [If your patch is applied to the wrong git tree, kindly drop us a > > note. And when submitting patch, we suggest to use '--base' as > > documented in https://git-scm.com/docs/git-format-patch] > > > > url: > > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-truste= d-key-rework/20200921-003922 > > base: > > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.g= it > > next-integrity > > config: x86_64-randconfig-a003-20200921 (attached as .config) > > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project > > f4e554180962aa6bc93678898b6933ea712bde50) > > reproduce (this is a W=3D1 build): > > wget > > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross > > -O ~/bin/make.cross > > chmod +x ~/bin/make.cross > > # install x86_64 cross compiling tool for clang build > > # apt-get install binutils-x86-64-linux-gnu > > # save the attached .config to linux build tree > > COMPILER_INSTALL_PATH=3D$HOME/0day COMPILER=3Dclang make.cross > > ARCH=3Dx86_64 > > > > If you fix the issue, kindly add following tag as appropriate > > Reported-by: kernel test robot > > > > All errors (new ones prefixed by >>): > > > > > > make[4]: *** No rule to make target 'security/keys/trusted- > > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted- > > > > keys/built-in.a'. > > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted- > > keys/trusted_tpm2.o] Error 1 > > make[4]: Target '__build' not remade because of errors. > > > So can I still add that tracking this down involved installing an > entirely unnecessary ARM build environment, which was a huge effort I > didn't need to do if you'd just provided the build log which fingered > the ASN.1 compiler problem if you know what to look for. Having a link to the build log artifact is a valid criticism. > > The reason for the problem is because ASN1 isn't selected in the > Kconfig which causes the ASN.1 compiler not to be built. The way our > current build rules are structured causes the make rule for this simply > to be skipped, which means you have to know to look for the absence of > ASN.1 in the build log. I propose adding this to the build rules, > which produces the much more explicit: > > /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 mu= st be defined for the asn1_compiler. Stop. > make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: secu= rity/keys/trusted-keys] Error 2 > > James > > --- > > diff --git a/scripts/Makefile.build b/scripts/Makefile.build > index a467b9323442..bca7003beac8 100644 > --- a/scripts/Makefile.build > +++ b/scripts/Makefile.build > @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler =3D ASN.1 $(basename $@).[= ch] > cmd_asn1_compiler =3D $(objtree)/scripts/asn1_compiler $< \ > $(basename $@).c $(basename $@).h > > +ifndef CONFIG_ASN1 > +$(objtree)/scripts/asn1_compiler: > + $(error CONFIG_ASN1 must be defined for the asn1_compiler) > +endif > + > $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_c= ompiler > $(call cmd,asn1_compiler) Is there a better way via Kconfig to gate whatever consumes CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for randconfig builds? I don't see how the diff would solve the case of CI systems doing randconfig builds. -- = Thanks, ~Nick Desaulniers --===============5322578406072086792==--