ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead

Get rid of ima_used_chip and use ima_tpm_chip variable instead for determining whether to use the TPM chip. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
author: Stefan Berger <stefanb@linux.vnet.ibm.com> 2018-06-26 15:09:33 -0400
committer: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2018-07-28 10:03:11 -0400
commit: ec403d8ed08c8272cfeeeea154fdebcd289988c8 (patch)
tree: a2a302177adbd31edcba2f9cd254f963853711e2
parent: 5c2a640aff73914e11ac0db310b32d3b7a1b87ad (diff)
4 files changed, 4 insertions, 8 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index dc212c59d4d6..588e4813370c 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -53,7 +53,6 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
 extern int ima_policy_flag;
 /* set during initialization */
-extern int ima_used_chip;
 extern int ima_hash_algo;
 extern int ima_appraise;
 extern struct tpm_chip *ima_tpm_chip;
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 88082f35adb2..7e7e7e7c250a 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -631,7 +631,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len,
 static void __init ima_pcrread(int idx, u8 *pcr)
 {
-        if (!ima_used_chip)
+        if (!ima_tpm_chip)
                return;
        if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0)
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 1437ed3dbccc..faac9ecaa0ae 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -26,7 +26,6 @@
 /* name for boot aggregate entry */
 static const char *boot_aggregate_name = "boot_aggregate";
-int ima_used_chip;
 struct tpm_chip *ima_tpm_chip;
 /* Add the boot aggregate to the IMA measurement list and extend
@@ -65,7 +64,7 @@ static int __init ima_add_boot_aggregate(void)
        iint->ima_hash->algo = HASH_ALGO_SHA1;
        iint->ima_hash->length = SHA1_DIGEST_SIZE;
-        if (ima_used_chip) {
+        if (ima_tpm_chip) {
                result = ima_calc_boot_aggregate(&hash.hdr);
                if (result < 0) {
                        audit_cause = "hashing_error";
@@ -110,9 +109,7 @@ int __init ima_init(void)
        int rc;
        ima_tpm_chip = tpm_default_chip();
+        if (!ima_tpm_chip)
-        ima_used_chip = ima_tpm_chip != NULL;
-        if (!ima_used_chip)
                pr_info("No TPM chip found, activating TPM-bypass!\n");
        rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index c6303fa19a49..b186819bd5aa 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -142,7 +142,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
 {
        int result = 0;
-        if (!ima_used_chip)
+        if (!ima_tpm_chip)
                return result;
        result = tpm_pcr_extend(ima_tpm_chip, pcr, hash);
author	Stefan Berger <stefanb@linux.vnet.ibm.com>	2018-06-26 15:09:33 -0400
committer	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>	2018-07-28 10:03:11 -0400
commit	ec403d8ed08c8272cfeeeea154fdebcd289988c8 (patch)
tree	a2a302177adbd31edcba2f9cd254f963853711e2
parent	5c2a640aff73914e11ac0db310b32d3b7a1b87ad (diff)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index dc212c59d4d6..588e4813370c 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -53,7 +53,6 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
53	extern int ima_policy_flag;	53	extern int ima_policy_flag;
54		54
55	/* set during initialization */	55	/* set during initialization */
56	extern int ima_used_chip;
57	extern int ima_hash_algo;	56	extern int ima_hash_algo;
58	extern int ima_appraise;	57	extern int ima_appraise;
59	extern struct tpm_chip *ima_tpm_chip;	58	extern struct tpm_chip *ima_tpm_chip;


diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 88082f35adb2..7e7e7e7c250a 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c
@@ -631,7 +631,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len,
631		631
632	static void __init ima_pcrread(int idx, u8 *pcr)	632	static void __init ima_pcrread(int idx, u8 *pcr)
633	{	633	{
634	if (!ima_used_chip)	634	if (!ima_tpm_chip)
635	return;	635	return;
636		636
637	if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0)	637	if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0)


diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 1437ed3dbccc..faac9ecaa0ae 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c
@@ -26,7 +26,6 @@
26		26
27	/* name for boot aggregate entry */	27	/* name for boot aggregate entry */
28	static const char *boot_aggregate_name = "boot_aggregate";	28	static const char *boot_aggregate_name = "boot_aggregate";
29	int ima_used_chip;
30	struct tpm_chip *ima_tpm_chip;	29	struct tpm_chip *ima_tpm_chip;
31		30
32	/* Add the boot aggregate to the IMA measurement list and extend	31	/* Add the boot aggregate to the IMA measurement list and extend
@@ -65,7 +64,7 @@ static int __init ima_add_boot_aggregate(void)
65	iint->ima_hash->algo = HASH_ALGO_SHA1;	64	iint->ima_hash->algo = HASH_ALGO_SHA1;
66	iint->ima_hash->length = SHA1_DIGEST_SIZE;	65	iint->ima_hash->length = SHA1_DIGEST_SIZE;
67		66
68	if (ima_used_chip) {	67	if (ima_tpm_chip) {
69	result = ima_calc_boot_aggregate(&hash.hdr);	68	result = ima_calc_boot_aggregate(&hash.hdr);
70	if (result < 0) {	69	if (result < 0) {
71	audit_cause = "hashing_error";	70	audit_cause = "hashing_error";
@@ -110,9 +109,7 @@ int __init ima_init(void)
110	int rc;	109	int rc;
111		110
112	ima_tpm_chip = tpm_default_chip();	111	ima_tpm_chip = tpm_default_chip();
113		112	if (!ima_tpm_chip)
114	ima_used_chip = ima_tpm_chip != NULL;
115	if (!ima_used_chip)
116	pr_info("No TPM chip found, activating TPM-bypass!\n");	113	pr_info("No TPM chip found, activating TPM-bypass!\n");
117		114
118	rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA);	115	rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA);


diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index c6303fa19a49..b186819bd5aa 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c
@@ -142,7 +142,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
142	{	142	{
143	int result = 0;	143	int result = 0;
144		144
145	if (!ima_used_chip)	145	if (!ima_tpm_chip)
146	return result;	146	return result;
147		147
148	result = tpm_pcr_extend(ima_tpm_chip, pcr, hash);	148	result = tpm_pcr_extend(ima_tpm_chip, pcr, hash);