[PATCH v2] KEYS: trusted: fix use as module when CONFIG_TCG_TPM=m
Jarkko Sakkinen
jarkko at kernel.org
Tue Jul 27 03:04:33 UTC 2021
On Wed, Jul 21, 2021 at 06:02:59PM +0200, Ahmad Fatoum wrote:
> Since commit 5d0682be3189 ("KEYS: trusted: Add generic trusted keys
> framework"), trusted.ko built with CONFIG_TCG_TPM=CONFIG_TRUSTED_KEYS=m
> will not register the TPM trusted key type at runtime.
>
> This is because, after that rework, CONFIG_DEPENDENCY of the TPM
> and TEE backends were checked with #ifdef, but that's only true
> when they're built-in.
>
> Fix this by introducing two new boolean Kconfig symbols:
> TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriate
> dependencies and use them to check which backends are available.
>
> This also has a positive effect on user experience:
>
> - It's now possible to use TEE trusted keys without CONFIG_TCG_TPM
> - It's now possible to enable CONFIG_TCG_TPM, but exclude TPM from
> available trust sources
> - TEE=m && TRUSTED_KEYS=y no longer leads to TEE support
> being silently dropped
>
> Any code depending on the TPM trusted key backend or symbols exported
> by it will now need to explicitly state that it
>
> depends on TRUSTED_KEYS && TRUSTED_KEYS_TPM
>
> The latter to ensure the dependency is built and the former to ensure
> it's reachable for module builds. This currently only affects
> CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE, so it's fixed up here as well.
>
> Reported-by: Andreas Rammhold <andreas at rammhold.de>
> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
> Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
Is it absolutely need to do all this *just* to fix the bug?
For a pure bug fix the most essential thing is to be able the backport
it to stable kernels.
I don't really care at all about extra niceties ("it's now possible
stuff).
This looks like a bug fix and improvements bundle into a single patch.
/Jarkko
More information about the Linux-security-module-archive
mailing list