ima: Use tpm_default_chip() and call TPM functions with a tpm_chip

Rather than accessing the TPM functions by passing a NULL pointer for the tpm_chip, which causes a lookup for a suitable chip every time, get a hold of a tpm_chip and access the TPM functions using it. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
author: Stefan Berger <stefanb@linux.vnet.ibm.com> 2018-06-26 15:09:32 -0400
committer: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2018-07-28 10:03:11 -0400
commit: 5c2a640aff73914e11ac0db310b32d3b7a1b87ad (patch)
tree: 26ab375331cfdd09aabc85709bd3c23c7afa04d3
parent: 58bac8cc3010ccb845572a3512fc16c9aaa5e50e (diff)
4 files changed, 7 insertions, 9 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 78c15264b17b..dc212c59d4d6 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -56,6 +56,7 @@ extern int ima_policy_flag;
 extern int ima_used_chip;
 extern int ima_hash_algo;
 extern int ima_appraise;
+extern struct tpm_chip *ima_tpm_chip;
 /* IMA event related data */
 struct ima_event_data {
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 4e085a17124f..88082f35adb2 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -634,7 +634,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
        if (!ima_used_chip)
                return;
-        if (tpm_pcr_read(NULL, idx, pcr) != 0)
+        if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0)
                pr_err("Error Communicating to TPM chip\n");
 }
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 29b72cd2502e..1437ed3dbccc 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -27,6 +27,7 @@
 /* name for boot aggregate entry */
 static const char *boot_aggregate_name = "boot_aggregate";
 int ima_used_chip;
+struct tpm_chip *ima_tpm_chip;
 /* Add the boot aggregate to the IMA measurement list and extend
 * the PCR register.
@@ -106,17 +107,13 @@ void __init ima_load_x509(void)
 int __init ima_init(void)
 {
-        u8 pcr_i[TPM_DIGEST_SIZE];
        int rc;
-        ima_used_chip = 0;
+        ima_tpm_chip = tpm_default_chip();
-        rc = tpm_pcr_read(NULL, 0, pcr_i);
-        if (rc == 0)
-                ima_used_chip = 1;
+        ima_used_chip = ima_tpm_chip != NULL;
        if (!ima_used_chip)
-                pr_info("No TPM chip found, activating TPM-bypass! (rc=%d)\n",
+                pr_info("No TPM chip found, activating TPM-bypass!\n");
-                        rc);
        rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
        if (rc)
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 418f35e38015..c6303fa19a49 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
        if (!ima_used_chip)
                return result;
-        result = tpm_pcr_extend(NULL, pcr, hash);
+        result = tpm_pcr_extend(ima_tpm_chip, pcr, hash);
        if (result != 0)
                pr_err("Error Communicating to TPM chip, result: %d\n", result);
        return result;
author	Stefan Berger <stefanb@linux.vnet.ibm.com>	2018-06-26 15:09:32 -0400
committer	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>	2018-07-28 10:03:11 -0400
commit	5c2a640aff73914e11ac0db310b32d3b7a1b87ad (patch)
tree	26ab375331cfdd09aabc85709bd3c23c7afa04d3
parent	58bac8cc3010ccb845572a3512fc16c9aaa5e50e (diff)