linux/security
Roberto Sassu 0b6cf6b97b tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()
Currently, tpm_pcr_extend() accepts as an input only a SHA1 digest.

This patch replaces the hash parameter of tpm_pcr_extend() with an array of
tpm_digest structures, so that the caller can provide a digest for each PCR
bank currently allocated in the TPM.

tpm_pcr_extend() will not extend banks for which no digest was provided,
as it happened before this patch, but instead it requires that callers
provide the full set of digests. Since the number of digests will always be
chip->nr_allocated_banks, the count parameter has been removed.

Due to the API change, ima_pcr_extend() and pcrlock() have been modified.
Since the number of allocated banks is not known in advance, the memory for
the digests must be dynamically allocated. To avoid performance degradation
and to avoid that a PCR extend is not done due to lack of memory, the array
of tpm_digest structures is allocated by the users of the TPM driver at
initialization time.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on x86 for TPM 1.2 & PTT TPM 2.0)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2019-02-13 09:48:52 +02:00
..
apparmor apparmor: Adjust offset when accessing task blob. 2019-01-22 14:38:59 -08:00
integrity tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
keys tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
loadpin LoadPin: Initialize as ordered LSM 2019-01-08 13:18:43 -08:00
safesetid LSM: SafeSetID: remove unused include 2019-01-30 12:29:53 -08:00
selinux Linux 5.0-rc3 2019-01-22 14:33:10 -08:00
smack LSM: Make lsm_early_cred() and lsm_early_task() local functions. 2019-01-18 11:44:02 -08:00
tomoyo tomoyo: Allow multiple use_group lines. 2019-01-24 14:50:27 -08:00
yama Linux 5.0-rc3 2019-01-22 14:33:10 -08:00
commoncap.c LSM: generalize flag passing to security_capable 2019-01-10 14:16:06 -08:00
device_cgroup.c docs: fix broken references with multiple hints 2018-06-15 18:10:01 -03:00
inode.c security: fs: make inode explicitly non-modular 2018-12-12 14:58:51 -08:00
Kconfig LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
lsm_audit.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
Makefile LSM: add SafeSetID module that gates setid calls 2019-01-25 11:22:45 -08:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Linux 5.0-rc3 2019-01-22 14:33:10 -08:00