ima-evm-utils: fix measurement violation checking

The template data digest for file measurement time of measure, time of use (ToMToU) violations is zero. Don't calculate the template data digest for the different banks. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2025-04-27 22:32:31 +02:00 · 2020-07-05 01:28:12 -04:00 · 2020-07-05 01:28:12 -04:00 · 747bf9e890
commit 747bf9e890
parent 8b49f0c01c
1 changed files with 13 additions and 4 deletions
--- a/src/evmctl.c
+++ b/src/evmctl.c
@ -1736,10 +1736,19 @@ static void extend_tpm_banks(struct template_entry *entry, int num_banks,
 			continue;
 		}

-		err = calculate_template_digest(pctx, md, entry, &bank[i]);
-		if (!err) {
-			bank[i].supported = 0;
-			continue;
+		/*
+		 * Measurement violations are 0x00 digests.  No need to
+		 * calculate the per TPM bank template digests.
+		 */
+		if (memcmp(entry->header.digest, zero, SHA_DIGEST_LENGTH) == 0)
+			memset(bank[i].digest, 0x00, bank[i].digest_size);
+		else {
+			err = calculate_template_digest(pctx, md, entry,
+							&bank[i]);
+			if (!err) {
+				bank[i].supported = 0;
+				continue;
+			}
 		}

 		/* extend TPM BANK with template digest */