Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 96d450bb authored Jun 01, 2016 by Eric Richter Committed by Mimi Zohar Jun 30, 2016

integrity: add measured_pcrs field to integrity cache

To keep track of which measurements have been extended to which PCRs, this
patch defines a new integrity_iint_cache field named measured_pcrs. This
field is a bitmask of the PCRs measured. Each bit corresponds to a PCR
index. For example, bit 10 corresponds to PCR 10.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent f786b752

security/integrity/iint.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -79,6 +79,7 @@ static void iint_free(struct integrity_iint_cache *iint)
		iint->ima_bprm_status = INTEGRITY_UNKNOWN;
		iint->ima_read_status = INTEGRITY_UNKNOWN;
		iint->evm_status = INTEGRITY_UNKNOWN;
		iint->measured_pcrs = 0;
		kmem_cache_free(iint_cache, iint);
		}

		@@ -159,6 +160,7 @@ static void init_once(void *foo)
		iint->ima_bprm_status = INTEGRITY_UNKNOWN;
		iint->ima_read_status = INTEGRITY_UNKNOWN;
		iint->evm_status = INTEGRITY_UNKNOWN;
		iint->measured_pcrs = 0;
		}

		static int __init integrity_iintcache_init(void)

security/integrity/integrity.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -103,6 +103,7 @@ struct integrity_iint_cache {
		struct inode inode; / back pointer to inode in question */
		u64 version; /* track inode changes */
		unsigned long flags;
		unsigned long measured_pcrs;
		enum integrity_status ima_file_status:4;
		enum integrity_status ima_mmap_status:4;
		enum integrity_status ima_bprm_status:4;