Thread: 9 messages, 4 authors, 2021-07-30

Re: [PATCH v2] KEYS: trusted: fix use as module when CONFIG_TCG_TPM=m

From: Jarkko Sakkinen <jarkko@kernel.org>
Date: 2021-07-27 03:04:39
Also in: keyrings, linux-integrity, linux-security-module, lkml

On Wed, Jul 21, 2021 at 06:02:59PM +0200, Ahmad Fatoum wrote:
> Since commit 5d0682be3189 ("KEYS: trusted: Add generic trusted keys
> framework"), trusted.ko built with CONFIG_TCG_TPM=CONFIG_TRUSTED_KEYS=m
> will not register the TPM trusted key type at runtime.
>
> This is because, after that rework, CONFIG_DEPENDENCY of the TPM
> and TEE backends were checked with #ifdef, but that's only true
> when they're built-in.
>
> Fix this by introducing two new boolean Kconfig symbols:
> TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriate
> dependencies and use them to check which backends are available.
>
> This also has a positive effect on user experience:
>
>  - It's now possible to use TEE trusted keys without CONFIG_TCG_TPM
>  - It's now possible to enable CONFIG_TCG_TPM, but exclude TPM from
>    available trust sources
>  - TEE=m && TRUSTED_KEYS=y no longer leads to TEE support
>    being silently dropped
>
> Any code depending on the TPM trusted key backend or symbols exported
> by it will now need to explicitly state that it
>
>   depends on TRUSTED_KEYS && TRUSTED_KEYS_TPM
>
> The latter to ensure the dependency is built and the former to ensure
> it's reachable for module builds. This currently only affects
> CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE, so it's fixed up here as well.
>
> Reported-by: Andreas Rammhold <redacted>
> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

Is it absolutely needed to do all this *just* to fix the bug?

For a pure bug fix the most essential thing is to be able to backport
it to stable kernels.

I don't really care at all about extra niceties ("it's now possible"
stuff).

This looks like a bug fix and improvements bundled into a single patch.

/Jarkko
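
The failure mode described in the quoted commit message, as an added example that is not code from the patch or from the kernel tree: a tristate option set to `m` defines `CONFIG_<X>_MODULE` rather than `CONFIG_<X>`, so an `#ifdef CONFIG_TCG_TPM` guard compiles the backend entry out. The `autoconf.h` stand-in, the two source tables and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for include/generated/autoconf.h with
 * CONFIG_TCG_TPM=m and CONFIG_TRUSTED_KEYS=m. A tristate set to "m"
 * defines CONFIG_<X>_MODULE; plain CONFIG_<X> exists only for "y". */
#define CONFIG_TCG_TPM_MODULE 1
#define CONFIG_TRUSTED_KEYS_MODULE 1
/* Bool symbol named in the commit message; a bool is y or n, never m,
 * so an #ifdef on it behaves the same for built-in and module builds. */
#define CONFIG_TRUSTED_KEYS_TPM 1

/* Hypothetical trust-source table guarded the way the commit message
 * says the backends were checked after the rework. */
static const char *const sources_before[] = {
#ifdef CONFIG_TCG_TPM
	"tpm",
#endif
	NULL	/* sentinel */
};

/* Same table guarded by the new bool symbol. */
static const char *const sources_after[] = {
#ifdef CONFIG_TRUSTED_KEYS_TPM
	"tpm",
#endif
	NULL	/* sentinel */
};

/* Count entries up to the NULL sentinel. */
static size_t count_sources(const char *const *tbl)
{
	size_t n = 0;

	while (tbl[n])
		n++;
	return n;
}

size_t registered_before(void) { return count_sources(sources_before); }
size_t registered_after(void)  { return count_sources(sources_after); }

int main(void)
{
	printf("before: %zu source(s), after: %zu source(s)\n",
	       registered_before(), registered_after());
	return 0;
}
```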