On Sun, 2019-02-03 at 23:59 +0800, Kairui Song wrote: > Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform > keyring") introduced a function set_platform_trusted_keys > and calls the function in __integrity_init_keyring. > > It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when > enabling this function, but actually this function also depends on > CONFIG_SYSTEM_TRUSTED_KEYRING. > > So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING && > !CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error: > > digsig.c:92: undefined reference to `set_platform_trusted_keys' > > And it also mistakenly wrapped the function code in the ifdef block of > CONFIG_SYSTEM_DATA_VERIFICATION. > > This commit fixes the issue by adding the missing check of > CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of > CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block. > > Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring") > Signed-off-by: Kairui Song <kasong@xxxxxxxxxx> Thank you. As the original patch hasn't yet been upstreamed , I plan on squashing them. Mimi > --- > certs/system_keyring.c | 4 ++-- > include/keys/system_keyring.h | 9 +++------ > 2 files changed, 5 insertions(+), 8 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 19bd0504bbcb..c05c29ae4d5d 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len, > } > EXPORT_SYMBOL_GPL(verify_pkcs7_signature); > > +#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ > + > #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > void __init set_platform_trusted_keys(struct key *keyring) > { > platform_trusted_keys = keyring; > } > #endif > - > -#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ > diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h > index c7f899ee974e..42a93eda331c 100644 > --- a/include/keys/system_keyring.h > +++ b/include/keys/system_keyring.h > @@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void) > } > #endif /* CONFIG_IMA_BLACKLIST_KEYRING */ > > -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > - > +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \ > + defined(CONFIG_SYSTEM_TRUSTED_KEYRING) > extern void __init set_platform_trusted_keys(struct key *keyring); > - > #else > - > static inline void set_platform_trusted_keys(struct key *keyring) > { > } > - > -#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */ > +#endif > > #endif /* _KEYS_SYSTEM_KEYRING_H */