Re: [PATCH 2/2] ima: support calculating the boot_aggregate based on different TPM banks

From: Mimi Zohar
Date: Mon Jan 27 2020 - 13:01:48 EST

Next message: Kammela, Gayatri: "RE: [PATCH v1 0/7] platform/x86: intel_pmc_core: Add debugfs entries"
Previous message: Stefano Garzarella: "Re: [PATCH liburing 0/1] test: add epoll test case"
In reply to: Lakshmi Ramasubramanian: "Re: [PATCH 2/2] ima: support calculating the boot_aggregate based on different TPM banks"
Next in thread: Ken Goldman: "Re: [PATCH 2/2] ima: support calculating the boot_aggregate based on different TPM banks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2020-01-27 at 08:50 -0800, Lakshmi Ramasubramanian wrote:
> On 1/27/2020 8:01 AM, Mimi Zohar wrote:
>
> > +
> > + for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > + if (ima_tpm_chip->allocated_banks[i].alg_id == d.alg_id)
> > + break;
> > + }
> > +
> > + if (i == ima_tpm_chip->nr_allocated_banks)
> > + d.alg_id = ima_tpm_chip->allocated_banks[0].alg_id;
> > +
>
> Can the number of allocated banks (ima_tpm_chip->nr_allocated_banks) be
> zero? Should that be checked before accessing "allocated_banks"?

Yes, that might be the true, but I think the solution is not fixing
the problem here, but when ima_tpm_chip is set in ima_init().
tpm_default_chip() should be modified to return a TPM with at least
one bank enabled; and ima_init() needs to go into TPM-bypass mode if
there isn't.

Can anyone look into this please?

Mimi

Next message: Kammela, Gayatri: "RE: [PATCH v1 0/7] platform/x86: intel_pmc_core: Add debugfs entries"
Previous message: Stefano Garzarella: "Re: [PATCH liburing 0/1] test: add epoll test case"
In reply to: Lakshmi Ramasubramanian: "Re: [PATCH 2/2] ima: support calculating the boot_aggregate based on different TPM banks"
Next in thread: Ken Goldman: "Re: [PATCH 2/2] ima: support calculating the boot_aggregate based on different TPM banks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]