On Mon, Jul 19, 2021 at 09:10:01AM +0200, Ahmad Fatoum wrote: > Hello Andreas, > > On 16.07.21 10:17, Andreas Rammhold wrote: > > Before this commit the kernel could end up with no trusted key sources > > even thought both of the currently supported backends (tpm & tee) were > > compoiled as modules. This manifested in the trusted key type not being > > registered at all. > > I assume (TPM) trusted key module use worked before the TEE rework? If so, > > an appropriate Fixes: Tag would then be in order. > > > When checking if a CONFIG_… preprocessor variable is defined we only > > test for the builtin (=y) case and not the module (=m) case. By using > > the IS_ENABLE(…) macro we to test for both cases. > > It looks to me like you could now provoke a link error if TEE is a module > and built-in trusted key core tries to link against trusted_key_tee_ops. > > One solution for that IS_REACHABLE(). Another is to address the root cause, > which is the inflexible trusted keys Kconfig description: > > - Trusted keys despite TEE support can still only be built when TCG_TPM is enabled > - There is no support to have TEE or TPM enabled without using those for > enabled trusted keys as well > - As you noticed, module build of the backend has issues > > I addressed these three issues in a patch[1], a month ago, but have yet to > receive feedback. Which of the patches is the bug fix? /Jarkko
