[3/3] ima-evm-utils: mixed "ima" and other template formats not supported

Commit Message

Mimi Zohar July 7, 2020, 2:27 a.m. UTC

An IMA measurement list may not contain "ima" and other template
formats.  Fail verifying the ima_measurement test.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 9ee440f6a50a..21809b3229e9 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1830,8 +1830,9 @@  static int ima_measurement(const char *file)
 {
 	struct tpm_bank_info *pseudo_banks;
 	struct tpm_bank_info *tpm_banks;
-	int is_ima_template;
+	int is_ima_template, cur_template_fmt;
 	int num_banks = 0;
+	int first_record = 1;
 
 	struct template_entry entry = { .template = 0 };
 	FILE *fp;
@@ -1869,7 +1870,21 @@  static int ima_measurement(const char *file)
 			goto out;
 		}
 
-		is_ima_template = strcmp(entry.name, "ima") == 0 ? 1 : 0;
+	       /*
+		* The "ima" template format can not be mixed with other
+		* template formats records.
+		*/
+		if (!first_record) {
+			cur_template_fmt = strcmp(entry.name, "ima") == 0 ? 1 : 0;
+			if ((is_ima_template && !cur_template_fmt) ||
+			    (!is_ima_template && cur_template_fmt)) {
+				log_err("Mixed measurement list containing \"ima\" and other template formats not supported.\n");
+				goto out;
+			}
+		} else {
+			first_record = 0;
+			is_ima_template = strcmp(entry.name, "ima") == 0 ? 1 : 0;
+		}
 
 		/* The "ima" template data is not length prefixed.  Skip it. */
 		if (!is_ima_template) {