Re: [PATCH] ima: make ASYMMETRIC_PUBLIC_KEY_SUBTYPE 'bool'
From: James Bottomley
Date: Tue Jan 07 2020 - 16:23:38 EST
On Tue, 2020-01-07 at 21:30 +0100, Arnd Bergmann wrote:
> The asymmetric key subtype is only used by the key subsystem that
> cannot itself be a loadable module, so when
> ASYMMETRIC_PUBLIC_KEY_SUBTYPE is set to =m, it just does not get
> used. It also produces a compile-time
> warning:
>
> WARNING: modpost: missing MODULE_LICENSE() in
> security/integrity/ima/ima_asymmetric_keys.o
>
> Make this a 'bool' symbol to avoid both problems.
>
> Fixes: 88e70da170e8 ("IMA: Define an IMA hook to measure keys")
> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> ---
> crypto/asymmetric_keys/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/asymmetric_keys/Kconfig
> b/crypto/asymmetric_keys/Kconfig
> index 1f1f004dc757..f2846293e4d5 100644
> --- a/crypto/asymmetric_keys/Kconfig
> +++ b/crypto/asymmetric_keys/Kconfig
> @@ -11,7 +11,7 @@ menuconfig ASYMMETRIC_KEY_TYPE
> if ASYMMETRIC_KEY_TYPE
>
> config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> - tristate "Asymmetric public-key crypto algorithm subtype"
> + bool "Asymmetric public-key crypto algorithm subtype"
I believe the crypto guys do like stuff to be modular.
However, we've already implemented this solution:
https://lore.kernel.org/linux-integrity/20200107194350.3782-2-nramas@xxxxxxxxxxxxxxxxxxx/
To solve the problem via an intermediate boolean config variable.
James