Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Nayna <nayna@linux.vnet.ibm.com>
To: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>,
	Nayna Jain <nayna@linux.ibm.com>
Cc: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Claudio Carvalho <cclaudio@linux.ibm.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Matthew Garret <matthew.garret@nebula.com>,
	Paul Mackerras <paulus@samba.org>, Jeremy Kerr <jk@ozlabs.org>
Subject: Re: [PATCH v3 3/3] powerpc: Add support to initialize ima policy rules
Date: Tue, 11 Jun 2019 13:07:39 -0400
Message-ID: <d596d03f-7aaf-d0af-ee45-92a990292ad0@linux.vnet.ibm.com> (raw)
In-Reply-To: <20190611051943.GA7516@sathnaga86.in.ibm.com>



On 06/11/2019 01:19 AM, Satheesh Rajendran wrote:
> On Mon, Jun 10, 2019 at 04:33:57PM -0400, Nayna Jain wrote:
>> PowerNV secure boot relies on the kernel IMA security subsystem to
>> perform the OS kernel image signature verification. Since each secure
>> boot mode has different IMA policy requirements, dynamic definition of
>> the policy rules based on the runtime secure boot mode of the system is
>> required. On systems that support secure boot, but have it disabled,
>> only measurement policy rules of the kernel image and modules are
>> defined.
>>
>> This patch defines the arch-specific implementation to retrieve the
>> secure boot mode of the system and accordingly configures the IMA policy
>> rules.
>>
>> This patch provides arch-specific IMA policies if PPC_SECURE_BOOT
>> config is enabled.
>>
>> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
>> ---
>>   arch/powerpc/Kconfig           | 14 +++++++++
>>   arch/powerpc/kernel/Makefile   |  1 +
>>   arch/powerpc/kernel/ima_arch.c | 54 ++++++++++++++++++++++++++++++++++
>>   include/linux/ima.h            |  3 +-
>>   4 files changed, 71 insertions(+), 1 deletion(-)
>>   create mode 100644 arch/powerpc/kernel/ima_arch.c
> Hi,
>
> This series failed to build against linuxppc/merge tree with `ppc64le_defconfig`,
>
> arch/powerpc/platforms/powernv/secboot.c:14:6: error: redefinition of 'get_powerpc_sb_mode'
>     14 | bool get_powerpc_sb_mode(void)
>        |      ^~~~~~~~~~~~~~~~~~~
> In file included from arch/powerpc/platforms/powernv/secboot.c:11:
> ./arch/powerpc/include/asm/secboot.h:15:20: note: previous definition of 'get_powerpc_sb_mode' was here
>     15 | static inline bool get_powerpc_sb_mode(void)
>        |                    ^~~~~~~~~~~~~~~~~~~
> make[3]: *** [scripts/Makefile.build:278: arch/powerpc/platforms/powernv/secboot.o] Error 1
> make[3]: *** Waiting for unfinished jobs....
> make[2]: *** [scripts/Makefile.build:489: arch/powerpc/platforms/powernv] Error 2
> make[1]: *** [scripts/Makefile.build:489: arch/powerpc/platforms] Error 2
> make: *** [Makefile:1071: arch/powerpc] Error 2
> make: *** Waiting for unfinished jobs....


Thanks for reporting. I have fixed it and reposted as v4.

Please retry.

Thanks & Regards,
      - Nayna



      reply index

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-10 20:33 [PATCH v3 0/3] powerpc: Enabling IMA arch specific secure boot policies Nayna Jain
2019-06-10 20:33 ` [PATCH v3 1/3] powerpc/powernv: Add OPAL API interface to get secureboot state Nayna Jain
2019-06-12  6:17   ` Daniel Axtens
     [not found]     ` <eaa37bd0-a77d-d70a-feb5-c0e73ce231bf@linux.vnet.ibm.com>
2019-06-12 23:04       ` Daniel Axtens
2019-06-14 22:22         ` Nayna
2019-06-16 23:56           ` Daniel Axtens
2019-06-10 20:33 ` [PATCH v3 2/3] powerpc/powernv: detect the secure boot mode of the system Nayna Jain
2019-06-10 20:33 ` [PATCH v3 3/3] powerpc: Add support to initialize ima policy rules Nayna Jain
2019-06-11  5:19   ` Satheesh Rajendran
2019-06-11 17:07     ` Nayna [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d596d03f-7aaf-d0af-ee45-92a990292ad0@linux.vnet.ibm.com \
    --to=nayna@linux.vnet.ibm.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=cclaudio@linux.ibm.com \
    --cc=jk@ozlabs.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@ozlabs.org \
    --cc=matthew.garret@nebula.com \
    --cc=nayna@linux.ibm.com \
    --cc=paulus@samba.org \
    --cc=sathnaga@linux.vnet.ibm.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox