projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a422638)
ima: extend the measurement entry specific pcr
authorEric Richter <erichte@linux.vnet.ibm.com>
Wed, 1 Jun 2016 18:14:07 +0000 (13:14 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 30 Jun 2016 05:14:22 +0000 (01:14 -0400)
Extend the PCR supplied as a parameter, instead of assuming that the
measurement entry uses the default configured PCR.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/ima_queue.c patch | blob | blame | history

diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 04a9ac13e85ec6a280d829c51caf1f9858c07421..32f6ac0f96dfb0ed3c8d296c817e97946834c28e 100644 (file)
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -90,14 +90,14 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
        return 0;
 }
 
-static int ima_pcr_extend(const u8 *hash)
+static int ima_pcr_extend(const u8 *hash, int pcr)
 {
        int result = 0;
 
        if (!ima_used_chip)
                return result;
 
-       result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
+       result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
        if (result != 0)
                pr_err("Error Communicating to TPM chip, result: %d\n", result);
        return result;
@@ -136,7 +136,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
        if (violation)          /* invalidate pcr */
                memset(digest, 0xff, sizeof(digest));
 
-       tpmresult = ima_pcr_extend(digest);
+       tpmresult = ima_pcr_extend(digest, entry->pcr);
        if (tpmresult != 0) {
                snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
                         tpmresult);