Re: [PATCH 0/6] security/keys/encrypted: Break module dependency chain

From: Dan Williams
Date: Tue Mar 19 2019 - 17:01:59 EST


On Mon, Mar 18, 2019 at 11:18 PM Dan Williams <dan.j.williams@xxxxxxxxx> wrote:
>
> With v5.1-rc1 all the nvdimm sub-system regression tests started failing
> because the libnvdimm module failed to load in the qemu-kvm test
> environment. Critically that environment does not have a TPM. Commit
> 240730437deb "KEYS: trusted: explicitly use tpm_chip structure..."
> started to require a TPM to be present for the trusted.ko module to load
> where there was no requirement for that before.
>
> Rather than undo the "fail if no hardware" behavior James points out
> that the module dependencies can be broken by looking up the key-type by
> name. Remove the dependencies on the "key_type_trusted" and
> "key_type_encrypted" symbol exports, and clean up other boilerplate that
> supported those exports in different configurations.

Any feedback? Was hoping to get at least patch1 in the queue for
v5.1-rc2 since this effectively disables the nvdimm driver on typical
configurations. Jarkko, would you be willing to merge it since the
regression came through your tree?

> Dan Williams (6):
> security/keys/encrypted: Allow operation without trusted.ko
> security/keys/encrypted: Clean up request_trusted_key()
> libnvdimm/security: Drop direct dependency on key_type_encrypted
> security/keys/ecryptfs: Drop direct dependency on key_type_encrypted
> security/integrity/evm: Drop direct dependency on key_type_encrypted
> security/keys/encrypted: Drop export of key_type_encrypted
>
>
> drivers/nvdimm/security.c | 11 ++++-
> fs/ecryptfs/ecryptfs_kernel.h | 22 -----------
> fs/ecryptfs/keystore.c | 12 ++++++
> include/keys/encrypted-type.h | 2 -
> include/linux/key.h | 1
> security/integrity/evm/evm_crypto.c | 9 ++++
> security/keys/encrypted-keys/Makefile | 3 -
> security/keys/encrypted-keys/encrypted.c | 35 ++++++++++++++++-
> security/keys/encrypted-keys/encrypted.h | 12 ------
> security/keys/encrypted-keys/masterkey_trusted.c | 46 ----------------------
> security/keys/internal.h | 2 -
> security/keys/key.c | 1
> 12 files changed, 65 insertions(+), 91 deletions(-)
> delete mode 100644 security/keys/encrypted-keys/masterkey_trusted.c