--- Begin Message ---
JC,
Sorry, this patch requires changes in the include/linux/tpm.h. Attached
is a TPM patch.
Mimi
On Thu, 2009-10-22 at 16:23 -0400, Mimi Zohar wrote:
> JC,
>
> It seems that James is waiting for an ACK or some type of
> acknowledgement from you. Would you mind giving it a try?
>
> Thanks!
>
> Mimi
>
> -------- Forwarded Message --------
> From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
> To: linux-kernel@xxxxxxxxxxxxxxx
> Cc: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>, Jean-Christophe Dubois
> <jcd@xxxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, David Safford
> <safford@xxxxxxxxxxxxxx>, Mimi Zohar <zohar@xxxxxxxxxx>
> Subject: [PATCH] ima: remove ACPI dependency
> Date: Tue, 20 Oct 2009 16:12:38 -0400
>
> Remove ACPI dependency on systems without a TPM enabled.
>
> Reported-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
> ---
> security/integrity/ima/Kconfig | 16 +++++++---------
> 1 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index 53d9764..3ca39e7 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -2,14 +2,12 @@
> #
> config IMA
> bool "Integrity Measurement Architecture(IMA)"
> - depends on ACPI
> select SECURITYFS
> select CRYPTO
> select CRYPTO_HMAC
> select CRYPTO_MD5
> select CRYPTO_SHA1
> - select TCG_TPM
> - select TCG_TIS
> + select ACPI if TCG_TPM
> help
> The Trusted Computing Group(TCG) runtime Integrity
> Measurement Architecture(IMA) maintains a list of hash
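Review bot: `select ACPI if TCG_TPM` in the `config IMA` entry forces ACPI on whenever TCG_TPM is set, and `select` does not honour the selected symbol's own dependencies, so it can turn ACPI on in a configuration where it would not otherwise be selectable. Expressing the relationship as a conditional dependency rather than a `select` would avoid that. The same hunk also drops `select TCG_TPM` and `select TCG_TIS`, which means an IMA build no longer pulls in a TPM driver at all; the changelog only mentions the ACPI dependency, so it should also state that TPM support now has to be enabled separately if the hardware-backed aggregate is wanted.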
> @@ -18,12 +16,12 @@ config IMA
> to change the contents of an important system file
> being measured, we can tell.
>
> - If your system has a TPM chip, then IMA also maintains
> - an aggregate integrity value over this list inside the
> - TPM hardware, so that the TPM can prove to a third party
> - whether or not critical system files have been modified.
> - Read <http://www.usenix.org/events/sec04/tech/sailer.html>
> - to learn more about IMA.
> + If your system has a TPM chip, and it is enabled, then
> + IMA also maintains an aggregate integrity value over
> + this list inside the TPM hardware, so that the TPM can
> + prove to a third party whether or not critical system
> + files have been modified. To learn more about IMA, read
> + <http://www.usenix.org/events/sec04/tech/sailer.html>
> If unsure, say N.
>
> config IMA_MEASURE_PCR_IDX
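Review bot: The reworded help text says "If your system has a TPM chip, and it is enabled", which does not tell the reader whether "enabled" means the chip is activated in firmware or that the TPM driver option is set in the kernel config. Since this patch removes `select TCG_TPM` and `select TCG_TIS` from the entry, the help should name the option that must be turned on, and say that without it IMA still keeps the measurement list but has no aggregate value in hardware. As a minor point, the sentence ending in the USENIX URL has lost its closing period before "If unsure, say N."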
tpm add default function definitions
Add default tpm_pcr_read/extend function definitions required
by IMA/Kconfig changes.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
Index: security-testing-2.6/include/linux/tpm.h
===================================================================
--- security-testing-2.6.orig/include/linux/tpm.h
+++ security-testing-2.6/include/linux/tpm.h
@@ -31,5 +31,12 @@
extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
+#else
+static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
+ return -ENODEV;
+}
+static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
+ return -ENODEV;
+}
#endif
#endif
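Review bot: The `tpm_pcr_extend()` stub in the new `#else` branch returns -ENODEV, so every caller has to treat that value as "no TPM, continue without a hardware anchor" instead of as a measurement failure, and the changelog should say how IMA handles it. The condition that the `#else` pairs with is outside the visible context, so please confirm it covers both built-in and modular TPM builds and that the header providing ENODEV is already included ahead of these definitions. On style, kernel convention puts the opening brace of a function body on its own line, which `static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {` and the matching `tpm_pcr_extend` line do not follow.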
--- End Message ---