On Fri, Jun 01, 2018 at 04:02:43PM -0700, Matthew Garrett wrote: > Trying to instantiate a non-existent crypto algorithm will cause the > kernel to trigger a module load. If EVM appraisal is enabled, this will > in turn trigger appraisal of the module, which will fail because the > crypto algorithm isn't available. Add a CRYPTO_NOLOAD flag and skip > module loading if it's set, and add that flag in the EVM case. > > Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx> I don't get it. Without your patch it will fail because the EVM appraisal fails. With your patch it will fail because there is no algorithm registered. So what's the difference? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt