* [PATCH] ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values
@ 2020-06-15 17:58 Mimi Zohar
From: Mimi Zohar @ 2020-06-15 17:58 UTC (permalink / raw)
To: linux-integrity; +Cc: Mimi Zohar, Petr Vorel, Maurizio Drocco
Instead of emitting the per TPM PCR bank "boot_aggregate" values one
at a time, store them in a buffer and emit them all at once.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
src/evmctl.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 53 insertions(+), 2 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 675980823636..1d065ceed886 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1937,11 +1937,36 @@ static void calc_bootaggr(struct tpm_bank_info *bank)
}
out:
- printf("%s:", bank->algo_name);
- imaevm_hexdump(bank->digest, bank->digest_size);
#if OPENSSL_VERSION_NUMBER >= 0x10100000
EVP_MD_CTX_free(pctx);
#endif
+
+}
+
+/*
+ * The "boot_aggregate" format is the TPM PCR bank algorithm, a colon
+ * separator, followed by a per bank TPM PCR bank specific digest.
+ * Store the TPM PCR bank specific "boot_aggregate" value as a newline
+ * terminated string in the provided buffer.
+ */
+static int append_bootaggr(char *bootaggr, struct tpm_bank_info *tpm_banks)
+{
+ uint8_t *buf;
+ int j;
+
+ strcpy(bootaggr, tpm_banks->algo_name);
+ j = strlen(tpm_banks->algo_name);
+ bootaggr[j++] = ':';
+
+ for (buf = tpm_banks->digest;
+ buf < (tpm_banks->digest + tpm_banks->digest_size);
+ buf++) {
+ bootaggr[j++] = hex_asc_hi(*buf);
+ bootaggr[j++] = hex_asc_lo(*buf);
+ }
+
+ bootaggr[j++] = '\n';
+ return j;
}
/*
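Review bot: append_bootaggr() writes the trailing '\n' but never NUL-terminates the string, while its only caller later prints the buffer with `printf("%s", bootaggr)`, so the read runs past the last newline into whatever follows the allocation. Either write `bootaggr[j] = '\0';` after the newline (not counted in the returned length) or have the caller terminate at the final offset. The function also takes no buffer size and uses strcpy(), so a comment stating that the caller must size the buffer for algo_name + ':' + 2*digest_size + '\n' would make the contract explicit. Minor: the parameter is a single bank (it is called with `tpm_banks + i`), so naming it `bank`, as calc_bootaggr() does, would read better than the plural `tpm_banks`.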
@@ -1953,7 +1978,10 @@ out:
static int cmd_ima_bootaggr(struct command *cmd)
{
struct tpm_bank_info *tpm_banks;
+ int bootaggr_len = 0;
+ char *bootaggr;
int num_banks = 0;
+ int offset = 0;
int i;
tpm_banks = init_tpm_banks(&num_banks);
@@ -1963,11 +1991,34 @@ static int cmd_ima_bootaggr(struct command *cmd)
return -1;
}
+ /*
+ * Allocate enough memory for the per TPM 2.0 PCR bank algorithm,
+ * the colon separator, the boot_aggregate digest and newline.
+ *
+ * Format: <hash algorithm name>:<boot_aggregate digest>\n ...
+ */
+ for (i = 0; i < num_banks; i++) {
+ if (!tpm_banks[i].supported)
+ continue;
+ bootaggr_len += strlen(tpm_banks[i].algo_name) + 1;
+ bootaggr_len += (tpm_banks[i].digest_size * 2) + 1;
+ }
+ bootaggr = malloc(bootaggr_len);
+
+ /*
+ * Calculate and convert the per TPM 2.0 PCR bank algorithm
+ * "boot_aggregate" digest from binary to asciihex. Store the
+ * "boot_aggregate" values as a list of newline terminated
+ * strings.
+ */
for (i = 0; i < num_banks; i++) {
if (!tpm_banks[i].supported)
continue;
calc_bootaggr(&tpm_banks[i]);
+ offset += append_bootaggr(bootaggr + offset, tpm_banks + i);
}
+ printf("%s", bootaggr);
+ free(bootaggr);
return 0;
}
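Review bot: the malloc() result is unchecked and the allocation is one byte too small for the NUL that `printf("%s", bootaggr)` relies on, since bootaggr_len only sums the algorithm name, ':', the hex digest and '\n'. Suggest `bootaggr = malloc(bootaggr_len + 1); if (!bootaggr) return -1;` and `bootaggr[offset] = '\0';` after the loop. When no bank is marked supported, bootaggr_len stays 0 and the printf dereferences a zero-size allocation, so an early return on `bootaggr_len == 0` is also worth adding before the malloc().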
--
2.7.5
* Re: [PATCH] ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values
From: Petr Vorel @ 2020-06-18 18:53 UTC (permalink / raw)
To: Mimi Zohar; +Cc: linux-integrity, Maurizio Drocco
Hi Mimi,
> Instead of emitting the per TPM PCR bank "boot_aggregate" values one
> at a time, store them in a buffer and emit them all at once.
Thanks for notifying me.
I see you already pushed this commit into next-testing
and I found a few problems, thus posted patches to the ML: a segfault bug on a system with
TPM 1.2 only [1], running tsspcrread on a system without a TPM [2], and a logging
problem [3].
I'll move the discussion there.
Kind regards,
Petr
[1] https://patchwork.kernel.org/patch/11612893/
[2] https://patchwork.kernel.org/patch/11612911/
[3] https://patchwork.kernel.org/patch/11612913/