Re: [Patch 4/7] integrity: IMA integrity_measure() support

From: Andrew Morton
Date: Mon Mar 26 2007 - 14:18:41 EST


On Fri, 23 Mar 2007 12:09:50 -0400 Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> This is a re-release of Integrity Measurement Architecture (IMA) as a
> method of providing support for the integrity service framework API
> integrity_measure() call. When integrity_measure() is called, IMA
> submits the measurement (hash) of the file to the TPM chip, for
> inclusion in one of the chip's Platform Configuration Registers (PCR).
> IMA also keeps a list of all file names and hashes that have been
> submitted to the TPM, which can be viewed through securityfs. By
> separately requesting a TPM_Quote from the chip, an application can
> get a chip-signed value of the PCR, which, along with the list of
> measurements from IMA, can be used to attest, or prove to a third
> party, the validity of the hash list. (The tpm-3.2.1 package includes
> example TPM applications for creating keys, and performing the
> TPM_Quote operation.)
>
> IMA can be included or excluded in the kernel configuration. If
> included in the kernel, IMA can also be enabled or disabled on the
> kernel command line with evm_enable_ima=0.

It breaks the ia64 build:

ima_fs_cleanup: discarded in section `.exit.text' from security/built-in.o

It's calling an __exit function from a non-__exit function.

I'll remove the __exit tag from ima_fs_cleanup(), but that's the wrong fix
- really the caller should be fixed but it's all tangled up in a quite
unnecessary inlined function.

I must say that this code doesn't leave an impression of having sufficient
overall quality. It needs some caring for.
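
The list validation outlined in the quoted patch description, as an added example that is not part of this thread or of the IMA patch: a verifier replays the measurement list through the TPM 1.2 extend operation and compares the result with the PCR value from a TPM_Quote. It assumes the quote signature has already been checked, that the PCR was all zeros before the first entry, and that the value extended is the listed file hash; the entry layout, function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA1(old PCR || measurement)."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20 bytes")
    return hashlib.sha1(pcr + measurement).digest()


def replay(entries) -> bytes:
    """Recompute the PCR from an ordered list of (file_hash_hex, file_name)."""
    pcr = bytes(PCR_SIZE)  # assumption: PCR was all zeros before the first entry
    for file_hash_hex, _name in entries:
        pcr = extend(pcr, bytes.fromhex(file_hash_hex))
    return pcr


def list_matches_quote(entries, quoted_pcr: bytes) -> bool:
    """True only if the list, in this exact order, reproduces the quoted PCR."""
    return hmac.compare_digest(replay(entries), quoted_pcr)


def measure(content: bytes) -> str:
    """SHA-1 of a file's content, standing in for the hash IMA would record."""
    return hashlib.sha1(content).hexdigest()


# Constructed sample measurement list (not taken from a real system).
SAMPLE_LIST = [
    (measure(b"constructed init binary"), "/sbin/init"),
    (measure(b"constructed shell binary"), "/bin/sh"),
    (measure(b"constructed libc image"), "/lib/libc.so.6"),
]
# Stands in for the PCR value carried inside a signature-checked TPM_Quote.
QUOTED_PCR = replay(SAMPLE_LIST)

if __name__ == "__main__":
    print("intact list:", list_matches_quote(SAMPLE_LIST, QUOTED_PCR))
    altered = [(measure(b"modified init"), "/sbin/init")] + SAMPLE_LIST[1:]
    print("altered entry:", list_matches_quote(altered, QUOTED_PCR))
    print("dropped entry:", list_matches_quote(SAMPLE_LIST[:-1], QUOTED_PCR))
```

Because each extend folds the previous PCR value into the next, a list with an altered, dropped or reordered entry no longer reproduces the quoted value.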