From patchwork Sat Apr 16 20:33:54 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 102503 Delivered-To: patch@linaro.org Received: by 10.140.93.198 with SMTP id d64csp571769qge; Sat, 16 Apr 2016 13:35:14 -0700 (PDT) X-Received: by 10.98.71.156 with SMTP id p28mr38731242pfi.139.1460838914917; Sat, 16 Apr 2016 13:35:14 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f90si10812612pfd.94.2016.04.16.13.35.14; Sat, 16 Apr 2016 13:35:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752091AbcDPUfK (ORCPT + 29 others); Sat, 16 Apr 2016 16:35:10 -0400 Received: from mout.kundenserver.de ([212.227.17.24]:53927 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751711AbcDPUfI (ORCPT ); Sat, 16 Apr 2016 16:35:08 -0400 Received: from wuerfel.lan. ([78.42.132.4]) by mrelayeu.kundenserver.de (mreue103) with ESMTPA (Nemesis) id 0MMpSB-1aqBbY3Vyp-008XWe; Sat, 16 Apr 2016 22:34:36 +0200 From: Arnd Bergmann To: Mimi Zohar , Dmitry Kasatkin Cc: Arnd Bergmann , James Morris , "Serge E. Hallyn" , Petko Manolov , David Howells , linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] IMA: add INTEGRITY_ASYMMETRIC_KEYS dependency Date: Sat, 16 Apr 2016 22:33:54 +0200 Message-Id: <1460838870-1251174-1-git-send-email-arnd@arndb.de> X-Mailer: git-send-email 2.7.0 X-Provags-ID: V03:K0:4xK1ANPWoPUZ+FMtdSwhgVVGnsRv522NrK22JgwOW4w98uK/3yt F29c/M/KvSD9OCajDu6DfXr7lgcpCOd0NVVPYR6VnjSaMFjomc83rhWCVvOtJjtOOiDr55t cWXWj9ovz8O+bYvI9f50MUvV/ALulQ5S+oJeZ1Q4IgdfPLpt5C1/agqS73LNPXXjyptQDrW FDDdFDmgQUL8DQBy7Yh9A== X-UI-Out-Filterresults: notjunk:1; V01:K0:3i1icZfaEJU=:iSQuMQJZjjn54DcEtxp4kN JefcThBOpLQI7q/ca54i2Mia/5DVJAwjeRd3obcXL4+YV2uXXyzQ72634enRtEbx4DgQH2TBm 33PsQ2zHxJZuQRhFIkO6Z85x0P2VKzNVwRqKMTH67ulvcvNI5QE8QdEWa/2UR9EHwQ8YC5BVQ ZNvF50UgBzeY6Rk8wJ84i1tgH6bNsBz1ZgBh7Qj1oNVC3JF+jFpfV/EJCsZe1xxPeC39jHZ9C 8AK0C6koewQnxOsroF6EVZZdw3od5dGS0t/hy4QXCVXer8UD9GSyrUjGGF/z59wFu778+jmzo L6GNcpDTAG4IP5SCiAAyL9iC//101c4DZaYZMcsh899EI380sI37iMVvguxtDb9LKRkGAlhl0 ZY4ggADTwWjvMty4/Gq6hCBhHnOfdW084txFpNVXWcxHe7D40CXWq7XU4WSrOP4bF3MMyOlj3 rmnUwdyNbqgfPQYjLdF8n2chpjjhTXKHel/lC0yN1T5rPgsKIxBEsmqOJWOAwqZD30wLXMxva Zy9890S3hk9KqoBZrOIxTplkMXN/QeseC/HSVWawPOR2K5zbazTD6NNd3WqywdytEaHdK0FoV DxIRTkV6uGJ6d9dQSOXRKogafEAit4tuSbrf6YkJ4+ch0LqKvLxqB5Y7xMR+amxv0TSzcQmdn +H0RyPxdgUZP8Pw7Nx6vU17kaAGBnYll99BVX/fdOWoLAE1Kpp71dbdHaCZCbjll6R/A= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The newly added CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY option only makes sense in combination with INTEGRITY_ASYMMETRIC_KEYS, otherwise we get a build error: warning: (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY) selects INTEGRITY_TRUSTED_KEYRING which has unmet direct dependencies (INTEGRITY && SYSTEM_TRUSTED_KEYRING && INTEGRITY_ASYMMETRIC_KEYS) security/integrity/evm/evm_main.c: In function 'evm_load_x509': security/integrity/evm/evm_main.c:494:7: error: implicit declaration of function 'integrity_load_x509' rc = integrity_load_x509(INTEGRITY_KEYRING_EVM, CONFIG_EVM_X509_PATH); This adds a Kconfig dependency. Signed-off-by: Arnd Bergmann Fixes: 9e1bbe8b8992 ("IMA: Use the the system trusted keyrings instead of .ima_mok") --- security/integrity/ima/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.7.0 diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index aab9b0a53edf..5487827fa86c 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -159,6 +159,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)" depends on SYSTEM_TRUSTED_KEYRING depends on SECONDARY_TRUSTED_KEYRING + depends on INTEGRITY_ASYMMETRIC_KEYS select INTEGRITY_TRUSTED_KEYRING default n help