xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: extend the measurement entry specific pcr

Browse Source 
Extend the PCR supplied as a parameter, instead of assuming that the
measurement entry uses the default configured PCR.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Eric Richter
2016-06-01 13:14:07 -05:00
committed by Mimi Zohar
parent a422638d49
commit 544e1cea03
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security/integrity/ima/ima_queue.c
View File

@@ -90,14 +90,14 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
return 0; return 0;
} }
static int ima_pcr_extend(const u8 *hash) static int ima_pcr_extend(const u8 *hash, int pcr)
{ {
int result = 0; int result = 0;
if (!ima_used_chip) if (!ima_used_chip)
return result; return result;
result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
if (result != 0) if (result != 0)
pr_err("Error Communicating to TPM chip, result: %d\n", result); pr_err("Error Communicating to TPM chip, result: %d\n", result);
return result; return result;
@@ -136,7 +136,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
if (violation) /* invalidate pcr */ if (violation) /* invalidate pcr */
memset(digest, 0xff, sizeof(digest)); memset(digest, 0xff, sizeof(digest));
tpmresult = ima_pcr_extend(digest); tpmresult = ima_pcr_extend(digest, entry->pcr);
if (tpmresult != 0) { if (tpmresult != 0) {
snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)", snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
tpmresult); tpmresult);