Re: [PATCH v3 3/3] powerpc: Add support to initialize ima policy rules

From: Nayna
Date: Tue Jun 11 2019 - 13:12:20 EST

On 06/11/2019 01:19 AM, Satheesh Rajendran wrote:
On Mon, Jun 10, 2019 at 04:33:57PM -0400, Nayna Jain wrote:
PowerNV secure boot relies on the kernel IMA security subsystem to
perform the OS kernel image signature verification. Since each secure
boot mode has different IMA policy requirements, dynamic definition of
the policy rules based on the runtime secure boot mode of the system is
required. On systems that support secure boot, but have it disabled,
only measurement policy rules of the kernel image and modules are

This patch defines the arch-specific implementation to retrieve the
secure boot mode of the system and accordingly configures the IMA policy

This patch provides arch-specific IMA policies if PPC_SECURE_BOOT
config is enabled.

Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
arch/powerpc/Kconfig | 14 +++++++++
arch/powerpc/kernel/Makefile | 1 +
arch/powerpc/kernel/ima_arch.c | 54 ++++++++++++++++++++++++++++++++++
include/linux/ima.h | 3 +-
4 files changed, 71 insertions(+), 1 deletion(-)
create mode 100644 arch/powerpc/kernel/ima_arch.c

This series failed to build against linuxppc/merge tree with `ppc64le_defconfig`,

arch/powerpc/platforms/powernv/secboot.c:14:6: error: redefinition of 'get_powerpc_sb_mode'
14 | bool get_powerpc_sb_mode(void)
| ^~~~~~~~~~~~~~~~~~~
In file included from arch/powerpc/platforms/powernv/secboot.c:11:
./arch/powerpc/include/asm/secboot.h:15:20: note: previous definition of 'get_powerpc_sb_mode' was here
15 | static inline bool get_powerpc_sb_mode(void)
| ^~~~~~~~~~~~~~~~~~~
make[3]: *** [scripts/ arch/powerpc/platforms/powernv/secboot.o] Error 1
make[3]: *** Waiting for unfinished jobs....
make[2]: *** [scripts/ arch/powerpc/platforms/powernv] Error 2
make[1]: *** [scripts/ arch/powerpc/platforms] Error 2
make: *** [Makefile:1071: arch/powerpc] Error 2
make: *** Waiting for unfinished jobs....

Thanks for reporting. I have fixed it and reposted as v4.

Please retry.

Thanks & Regards,
ÂÂÂÂ - Nayna