Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On Wed, 2014-12-03 at 09:48 -0500, Mimi Zohar wrote: > On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote: > > On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: > > > > warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies > > (TCG_TPM && PPC_PSERIES) > > tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to > > `.plpar_hcall_norets' > > > > I'm not sure why IMA needs to select those user-visible symbols, but if > > it must then the simplest fix is to just express the proper dependencies > > on the select. > > On systems without a TPM, IMA goes into a "by-pass" mode, which stores > the measurements without extending the TPM PCR. On Power, there isn't a > HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On > Power running PowerKVM there isn't support for vTPM, yet. The Kconfig > needs to differentiate between the two. No it doesn't. We don't build different configs for guests on PowerVM vs PowerKVM. The code needs to handle detecting the presence or absence of the vTPM at runtime. But none of that relates to this build fix AFAICS. cheers -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote: > On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: > > warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies > (TCG_TPM && PPC_PSERIES) > tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' > > I'm not sure why IMA needs to select those user-visible symbols, but if > it must then the simplest fix is to just express the proper dependencies > on the select. On systems without a TPM, IMA goes into a "by-pass" mode, which stores the measurements without extending the TPM PCR. On Power, there isn't a HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On Power running PowerKVM there isn't support for vTPM, yet. The Kconfig needs to differentiate between the two. > Signed-off-by: Michael Ellerman [CC'ing: Vicky(Lo, Hon Ching), Ashley Lai, George Wilson] Sorry, I'm still waiting to hear back from the developers/testers. Mimi > --- > security/integrity/ima/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > > Could someone please pick this up? > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > index e099875643c5..b51668d04f9d 100644 > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -10,7 +10,7 @@ config IMA > select CRYPTO_HASH_INFO > select TCG_TPM if HAS_IOMEM && !UML > select TCG_TIS if TCG_TPM && X86 > - select TCG_IBMVTPM if TCG_TPM && PPC64 > + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES > help > The Trusted Computing Group(TCG) runtime Integrity > Measurement Architecture(IMA) maintains a list of hash -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
Hello, Yes, we will pick it up. Thanks, Dmitry On 03/12/14 08:04, Michael Ellerman wrote: > On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: > > warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies > (TCG_TPM && PPC_PSERIES) > tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' > > I'm not sure why IMA needs to select those user-visible symbols, but if > it must then the simplest fix is to just express the proper dependencies > on the select. > > Signed-off-by: Michael Ellerman > --- > security/integrity/ima/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > > Could someone please pick this up? > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > index e099875643c5..b51668d04f9d 100644 > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -10,7 +10,7 @@ config IMA > select CRYPTO_HASH_INFO > select TCG_TPM if HAS_IOMEM && !UML > select TCG_TIS if TCG_TPM && X86 > - select TCG_IBMVTPM if TCG_TPM && PPC64 > + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES > help > The Trusted Computing Group(TCG) runtime Integrity > Measurement Architecture(IMA) maintains a list of hash -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
Hello, Yes, we will pick it up. Thanks, Dmitry On 03/12/14 08:04, Michael Ellerman wrote: On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. Signed-off-by: Michael Ellerman m...@ellerman.id.au --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Could someone please pick this up? diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e099875643c5..b51668d04f9d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -10,7 +10,7 @@ config IMA select CRYPTO_HASH_INFO select TCG_TPM if HAS_IOMEM !UML select TCG_TIS if TCG_TPM X86 - select TCG_IBMVTPM if TCG_TPM PPC64 + select TCG_IBMVTPM if TCG_TPM PPC_PSERIES help The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture(IMA) maintains a list of hash -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote: On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. On systems without a TPM, IMA goes into a by-pass mode, which stores the measurements without extending the TPM PCR. On Power, there isn't a HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On Power running PowerKVM there isn't support for vTPM, yet. The Kconfig needs to differentiate between the two. Signed-off-by: Michael Ellerman m...@ellerman.id.au [CC'ing: Vicky(Lo, Hon Ching), Ashley Lai, George Wilson] Sorry, I'm still waiting to hear back from the developers/testers. Mimi --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Could someone please pick this up? diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e099875643c5..b51668d04f9d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -10,7 +10,7 @@ config IMA select CRYPTO_HASH_INFO select TCG_TPM if HAS_IOMEM !UML select TCG_TIS if TCG_TPM X86 - select TCG_IBMVTPM if TCG_TPM PPC64 + select TCG_IBMVTPM if TCG_TPM PPC_PSERIES help The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture(IMA) maintains a list of hash -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On Wed, 2014-12-03 at 09:48 -0500, Mimi Zohar wrote: On Wed, 2014-12-03 at 17:04 +1100, Michael Ellerman wrote: On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. On systems without a TPM, IMA goes into a by-pass mode, which stores the measurements without extending the TPM PCR. On Power, there isn't a HW TPM, but on Power running PowerVM there is a virtual TPM(vTPM). On Power running PowerKVM there isn't support for vTPM, yet. The Kconfig needs to differentiate between the two. No it doesn't. We don't build different configs for guests on PowerVM vs PowerKVM. The code needs to handle detecting the presence or absence of the vTPM at runtime. But none of that relates to this build fix AFAICS. cheers -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. Signed-off-by: Michael Ellerman --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Could someone please pick this up? diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e099875643c5..b51668d04f9d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -10,7 +10,7 @@ config IMA select CRYPTO_HASH_INFO select TCG_TPM if HAS_IOMEM && !UML select TCG_TIS if TCG_TPM && X86 - select TCG_IBMVTPM if TCG_TPM && PPC64 + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES help The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture(IMA) maintains a list of hash -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[RESEND PATCH] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met
On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. Signed-off-by: Michael Ellerman m...@ellerman.id.au --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Could someone please pick this up? diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index e099875643c5..b51668d04f9d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -10,7 +10,7 @@ config IMA select CRYPTO_HASH_INFO select TCG_TPM if HAS_IOMEM !UML select TCG_TIS if TCG_TPM X86 - select TCG_IBMVTPM if TCG_TPM PPC64 + select TCG_IBMVTPM if TCG_TPM PPC_PSERIES help The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture(IMA) maintains a list of hash -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/