Hi Eric,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f]

url:    https://github.com/0day-ci/linux/commits/Eric-Snowberg/Enroll-kernel-keys-thru-MOK/20210915-051742
base:   6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f
config: x86_64-randconfig-c022-20210916 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/f65599b2308bdd9f29cfafd3286622f71aafa0b5
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Eric-Snowberg/Enroll-kernel-keys-thru-MOK/20210915-051742
        git checkout f65599b2308bdd9f29cfafd3286622f71aafa0b5
        # save the attached .config to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   ld: crypto/asymmetric_keys/restrict.o: in function `restrict_link_by_ca':
>> crypto/asymmetric_keys/restrict.c:148: undefined reference to `public_key_verify_signature'


vim +148 crypto/asymmetric_keys/restrict.c

   110	
   111	/**
   112	 * restrict_link_by_ca - Restrict additions to a ring of CA keys
   113	 * @dest_keyring: Keyring being linked to.
   114	 * @type: The type of key being added.
   115	 * @payload: The payload of the new key.
   116	 * @trusted: Unused.
   117	 *
   118	 * Check if the new certificate is a CA. If it is a CA, then mark the new
   119	 * certificate as being ok to link.
   120	 *
   121	 * Returns 0 if the new certificate was accepted, -ENOKEY if we could not find
   122	 * a matching parent certificate in the trusted list.  -ENOPKG if the signature
   123	 * uses unsupported crypto, or some other error if there is a matching
   124	 * certificate  but the signature check cannot be performed.
   125	 */
   126	int restrict_link_by_ca(struct key *dest_keyring,
   127				const struct key_type *type,
   128				const union key_payload *payload,
   129				struct key *trust_keyring)
   130	{
   131		const struct public_key_signature *sig;
   132		const struct public_key *pkey;
   133	
   134		if (type != &key_type_asymmetric)
   135			return -EOPNOTSUPP;
   136	
   137		sig = payload->data[asym_auth];
   138		if (!sig)
   139			return -ENOPKG;
   140	
   141		if (!sig->auth_ids[0] && !sig->auth_ids[1])
   142			return -ENOKEY;
   143	
   144		pkey = payload->data[asym_crypto];
   145		if (!pkey)
   146			return -ENOPKG;
   147	
 > 148		return public_key_verify_signature(pkey, sig);
   149	}
   150	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org