From: Stefan Berger <stefanb@linux.vnet.ibm.com> To: linux-integrity@vger.kernel.org, jarkko.sakkinen@linux.intel.com, zohar@linux.vnet.ibm.com Cc: jgg@ziepe.ca, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Stefan Berger <stefanb@linux.vnet.ibm.com> Subject: [PATCH v7 4/5] ima: Use tpm_default_chip() and call TPM functions with a tpm_chip Date: Tue, 26 Jun 2018 15:09:32 -0400 [thread overview] Message-ID: <20180626190933.2508821-5-stefanb@linux.vnet.ibm.com> (raw) In-Reply-To: <20180626190933.2508821-1-stefanb@linux.vnet.ibm.com> Rather than accessing the TPM functions by passing a NULL pointer for the tpm_chip, which causes a lookup for a suitable chip every time, get a hold of a tpm_chip and access the TPM functions using it. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_crypto.c | 2 +- security/integrity/ima/ima_init.c | 11 ++++------- security/integrity/ima/ima_queue.c | 2 +- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 354bb5716ce3..35409461a3f2 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -56,6 +56,7 @@ extern int ima_policy_flag; extern int ima_used_chip; extern int ima_hash_algo; extern int ima_appraise; +extern struct tpm_chip *ima_tpm_chip; /* IMA event related data */ struct ima_event_data { diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 4e085a17124f..88082f35adb2 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -634,7 +634,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) if (!ima_used_chip) return; - if (tpm_pcr_read(NULL, idx, pcr) != 0) + if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0) pr_err("Error Communicating to TPM chip\n"); } 
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 29b72cd2502e..1437ed3dbccc 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -27,6 +27,7 @@ /* name for boot aggregate entry */ static const char *boot_aggregate_name = "boot_aggregate"; int ima_used_chip; +struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend * the PCR register. @@ -106,17 +107,13 @@ void __init ima_load_x509(void) int __init ima_init(void) { - u8 pcr_i[TPM_DIGEST_SIZE]; int rc; - ima_used_chip = 0; - rc = tpm_pcr_read(NULL, 0, pcr_i); - if (rc == 0) - ima_used_chip = 1; + ima_tpm_chip = tpm_default_chip(); + ima_used_chip = ima_tpm_chip != NULL; if (!ima_used_chip) - pr_info("No TPM chip found, activating TPM-bypass! (rc=%d)\n", - rc); + pr_info("No TPM chip found, activating TPM-bypass!\n"); rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA); if (rc) diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 418f35e38015..c6303fa19a49 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) if (!ima_used_chip) return result; - result = tpm_pcr_extend(NULL, pcr, hash); + result = tpm_pcr_extend(ima_tpm_chip, pcr, hash); if (result != 0) pr_err("Error Communicating to TPM chip, result: %d\n", result); return result; -- 2.17.1
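Review bot: In the ima_init() hunk of ima_init.c, the new check `ima_used_chip = ima_tpm_chip != NULL;` only establishes that tpm_default_chip() returned a chip, whereas the removed `tpm_pcr_read(NULL, 0, pcr_i)` probe set ima_used_chip only when a PCR read actually succeeded. With this change a chip that is found but fails reads leaves ima_used_chip set, so ima_pcrread() and ima_pcr_extend() will report "Error Communicating to TPM chip" on each call rather than IMA logging "activating TPM-bypass" once. If that change in behaviour is intended, state it in the commit message; otherwise keep a one-time read against ima_tpm_chip here. A comment at the `tpm_default_chip()` call saying that the chip is kept in a global for later use, and where (if anywhere) it is released, would also help, since no release appears in this patch.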
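Review bot: In the ima_pcr_extend() hunk of ima_queue.c, and likewise in ima_pcrread() in ima_crypto.c, the guard still tests `ima_used_chip` while the call now passes `ima_tpm_chip`, so correctness depends on the two globals staying in sync. Per the commit message, a NULL chip makes the TPM functions fall back to a lookup on every call, so a mismatch between the two variables would go unnoticed and quietly restore the behaviour this patch is removing. Testing the pointer directly, for example `if (!ima_tpm_chip) return result;`, removes that dependency.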