
Commit 544e1cea authored by Eric Richter's avatar Eric Richter Committed by Mimi Zohar

ima: extend the measurement entry specific pcr



Extend the PCR supplied as a parameter, instead of assuming that the
measurement entry uses the default configured PCR.

Signed-off-by: default avatarEric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent a422638d
+3 −3
@@ -90,14 +90,14 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
	return 0;
	return 0;
}
}


static int ima_pcr_extend(const u8 *hash)
static int ima_pcr_extend(const u8 *hash, int pcr)
{
{
	int result = 0;
	int result = 0;


	if (!ima_used_chip)
	if (!ima_used_chip)
		return result;
		return result;


	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
	result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
	if (result != 0)
	if (result != 0)
		pr_err("Error Communicating to TPM chip, result: %d\n", result);
		pr_err("Error Communicating to TPM chip, result: %d\n", result);
	return result;
	return result;
@@ -136,7 +136,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
	if (violation)		/* invalidate pcr */
	if (violation)		/* invalidate pcr */
		memset(digest, 0xff, sizeof(digest));
		memset(digest, 0xff, sizeof(digest));


	tpmresult = ima_pcr_extend(digest);
	tpmresult = ima_pcr_extend(digest, entry->pcr);
	if (tpmresult != 0) {
	if (tpmresult != 0) {
		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
			 tpmresult);
			 tpmresult);
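Review bot: The new `pcr` argument of `ima_pcr_extend()` goes straight into `tpm_pcr_extend()` with no range check visible in either hunk, and `ima_add_template_entry()` passes `entry->pcr` through as-is. If the index is validated where the entry is populated, which is not shown on this page, the function should say so in a comment such as `/* pcr: PCR index taken from the measurement entry; must already be validated by the caller */`. On the violation path the 0xff digest now invalidates the entry's own PCR rather than the configured default, so anything replaying the measurement list has to track the per-entry index; that is worth a sentence next to the `memset`. With more than one PCR in play, the failure message would be easier to act on with the index included: `pr_err("Error Communicating to TPM chip, pcr: %d, result: %d\n", pcr, result);`. Both function bodies continue outside the hunks shown.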