| Message ID | 20180626110619.2362791-6-stefanb@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, 2018-06-26 at 07:06 -0400, Stefan Berger wrote: > Get rid of ima_used_chip and use ima_tpm_chip variable instead for > determining whether to use the TPM chip. > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (i.e. LGTM but no competence to give a detailed review). /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 35409461a3f2..2ab1affffa36 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -53,7 +53,6 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; extern int ima_policy_flag; /* set during initialization */ -extern int ima_used_chip; extern int ima_hash_algo; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 88082f35adb2..7e7e7e7c250a 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -631,7 +631,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, static void __init ima_pcrread(int idx, u8 *pcr) { - if (!ima_used_chip) + if (!ima_tpm_chip) return; if (tpm_pcr_read(ima_tpm_chip, idx, pcr) != 0) diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 1437ed3dbccc..faac9ecaa0ae 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -26,7 +26,6 @@ /* name for boot aggregate entry */ static const char *boot_aggregate_name = "boot_aggregate"; -int ima_used_chip; struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend @@ -65,7 +64,7 @@ static int __init ima_add_boot_aggregate(void) iint->ima_hash->algo = HASH_ALGO_SHA1; iint->ima_hash->length = SHA1_DIGEST_SIZE; - if (ima_used_chip) { + if (ima_tpm_chip) { result = ima_calc_boot_aggregate(&hash.hdr); if (result < 0) { audit_cause = "hashing_error"; @@ -110,9 +109,7 @@ int __init ima_init(void) int rc; ima_tpm_chip = tpm_default_chip(); - - ima_used_chip = ima_tpm_chip != NULL; - if (!ima_used_chip) + if (!ima_tpm_chip) pr_info("No TPM chip found, activating TPM-bypass!\n"); rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA); diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index c6303fa19a49..b186819bd5aa 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -142,7 +142,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) { int result = 0; - if (!ima_used_chip) + if (!ima_tpm_chip) return result; result = tpm_pcr_extend(ima_tpm_chip, pcr, hash);
Get rid of ima_used_chip and use ima_tpm_chip variable instead for determining whether to use the TPM chip. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_crypto.c | 2 +- security/integrity/ima/ima_init.c | 7 ++----- security/integrity/ima/ima_queue.c | 2 +- 4 files changed, 4 insertions(+), 8 deletions(-)