ima: extend the measurement entry specific pcr

Extend the PCR supplied as a parameter, instead of assuming that the measurement entry uses the default configured PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Eric Richter <erichte@linux.vnet.ibm.com> 2016-06-01 14:14:07 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2016-06-30 01:14:22 -0400
commit: 544e1cea03e6674e3c12a3b8e8cc507c3dbeaf0c (patch)
tree: 6a700eb43f5cbe8f8fbebf3e7c409c9b364f9955 /security
parent: a422638d492a35316e3fd9bb31bfc9769b249bca (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 04a9ac13e85e..32f6ac0f96df 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -90,14 +90,14 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
        return 0;
 }
-static int ima_pcr_extend(const u8 *hash)
+static int ima_pcr_extend(const u8 *hash, int pcr)
 {
        int result = 0;
        if (!ima_used_chip)
                return result;
-        result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
+        result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
        if (result != 0)
                pr_err("Error Communicating to TPM chip, result: %d\n", result);
        return result;
@@ -136,7 +136,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
        if (violation)          /* invalidate pcr */
                memset(digest, 0xff, sizeof(digest));
-        tpmresult = ima_pcr_extend(digest);
+        tpmresult = ima_pcr_extend(digest, entry->pcr);
        if (tpmresult != 0) {
                snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
                         tpmresult);
author	Eric Richter <erichte@linux.vnet.ibm.com>	2016-06-01 14:14:07 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2016-06-30 01:14:22 -0400
commit	544e1cea03e6674e3c12a3b8e8cc507c3dbeaf0c (patch)
tree	6a700eb43f5cbe8f8fbebf3e7c409c9b364f9955 /security
parent	a422638d492a35316e3fd9bb31bfc9769b249bca (diff)

diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 04a9ac13e85e..32f6ac0f96df 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c
@@ -90,14 +90,14 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
90	return 0;	90	return 0;
91	}	91	}
92		92
93	static int ima_pcr_extend(const u8 *hash)	93	static int ima_pcr_extend(const u8 *hash, int pcr)
94	{	94	{
95	int result = 0;	95	int result = 0;
96		96
97	if (!ima_used_chip)	97	if (!ima_used_chip)
98	return result;	98	return result;
99		99
100	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);	100	result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
101	if (result != 0)	101	if (result != 0)
102	pr_err("Error Communicating to TPM chip, result: %d\n", result);	102	pr_err("Error Communicating to TPM chip, result: %d\n", result);
103	return result;	103	return result;
@@ -136,7 +136,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
136	if (violation) /* invalidate pcr */	136	if (violation) /* invalidate pcr */
137	memset(digest, 0xff, sizeof(digest));	137	memset(digest, 0xff, sizeof(digest));
138		138
139	tpmresult = ima_pcr_extend(digest);	139	tpmresult = ima_pcr_extend(digest, entry->pcr);
140	if (tpmresult != 0) {	140	if (tpmresult != 0) {
141	snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",	141	snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
142	tpmresult);	142	tpmresult);