ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values
Instead of emitting the per TPM PCR bank "boot_aggregate" values one at a time, store them in a buffer and emit them all at once. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
55
src/evmctl.c
55
src/evmctl.c
@ -1937,11 +1937,36 @@ static void calc_bootaggr(struct tpm_bank_info *bank)
|
|||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
printf("%s:", bank->algo_name);
|
|
||||||
imaevm_hexdump(bank->digest, bank->digest_size);
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
EVP_MD_CTX_free(pctx);
|
EVP_MD_CTX_free(pctx);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The "boot_aggregate" format is the TPM PCR bank algorithm, a colon
|
||||||
|
* separator, followed by a per bank TPM PCR bank specific digest.
|
||||||
|
* Store the TPM PCR bank specific "boot_aggregate" value as a newline
|
||||||
|
* terminated string in the provided buffer.
|
||||||
|
*/
|
||||||
|
static int append_bootaggr(char *bootaggr, struct tpm_bank_info *tpm_banks)
|
||||||
|
{
|
||||||
|
uint8_t *buf;
|
||||||
|
int j;
|
||||||
|
|
||||||
|
strcpy(bootaggr, tpm_banks->algo_name);
|
||||||
|
j = strlen(tpm_banks->algo_name);
|
||||||
|
bootaggr[j++] = ':';
|
||||||
|
|
||||||
|
for (buf = tpm_banks->digest;
|
||||||
|
buf < (tpm_banks->digest + tpm_banks->digest_size);
|
||||||
|
buf++) {
|
||||||
|
bootaggr[j++] = hex_asc_hi(*buf);
|
||||||
|
bootaggr[j++] = hex_asc_lo(*buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
bootaggr[j++] = '\n';
|
||||||
|
return j;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1953,7 +1978,10 @@ out:
|
|||||||
static int cmd_ima_bootaggr(struct command *cmd)
|
static int cmd_ima_bootaggr(struct command *cmd)
|
||||||
{
|
{
|
||||||
struct tpm_bank_info *tpm_banks;
|
struct tpm_bank_info *tpm_banks;
|
||||||
|
int bootaggr_len = 0;
|
||||||
|
char *bootaggr;
|
||||||
int num_banks = 0;
|
int num_banks = 0;
|
||||||
|
int offset = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
tpm_banks = init_tpm_banks(&num_banks);
|
tpm_banks = init_tpm_banks(&num_banks);
|
||||||
@ -1963,11 +1991,34 @@ static int cmd_ima_bootaggr(struct command *cmd)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Allocate enough memory for the per TPM 2.0 PCR bank algorithm,
|
||||||
|
* the colon separator, the boot_aggregate digest and newline.
|
||||||
|
*
|
||||||
|
* Format: <hash algorithm name>:<boot_aggregate digest>\n ...
|
||||||
|
*/
|
||||||
|
for (i = 0; i < num_banks; i++) {
|
||||||
|
if (!tpm_banks[i].supported)
|
||||||
|
continue;
|
||||||
|
bootaggr_len += strlen(tpm_banks[i].algo_name) + 1;
|
||||||
|
bootaggr_len += (tpm_banks[i].digest_size * 2) + 1;
|
||||||
|
}
|
||||||
|
bootaggr = malloc(bootaggr_len);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Calculate and convert the per TPM 2.0 PCR bank algorithm
|
||||||
|
* "boot_aggregate" digest from binary to asciihex. Store the
|
||||||
|
* "boot_aggregate" values as a list of newline terminated
|
||||||
|
* strings.
|
||||||
|
*/
|
||||||
for (i = 0; i < num_banks; i++) {
|
for (i = 0; i < num_banks; i++) {
|
||||||
if (!tpm_banks[i].supported)
|
if (!tpm_banks[i].supported)
|
||||||
continue;
|
continue;
|
||||||
calc_bootaggr(&tpm_banks[i]);
|
calc_bootaggr(&tpm_banks[i]);
|
||||||
|
offset += append_bootaggr(bootaggr + offset, tpm_banks + i);
|
||||||
}
|
}
|
||||||
|
printf("%s", bootaggr);
|
||||||
|
free(bootaggr);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
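Review bot: The buffer assembled by append_bootaggr() is never NUL-terminated, yet the final hunk prints it with `printf("%s", bootaggr);`. The sizing loop counts exactly the algorithm name, the colon, the asciihex digest and the newline for each bank, and append_bootaggr() writes precisely that many bytes (the NUL that strcpy() places after the name is overwritten by ':'), so after the last bank the byte following the trailing '\n' lies outside the allocation and printf reads past the end of the heap block. In the same hunk `bootaggr = malloc(bootaggr_len);` is not checked for NULL before strcpy() dereferences it. Both are fixed by allocating one extra byte, bailing out on allocation failure, and writing the terminator at `offset` before printing, as below; cmd_ima_bootaggr() begins in the previous hunk, and the sizing loop and append_bootaggr() must be kept in step whenever the output format changes.
```c
	bootaggr = malloc(bootaggr_len + 1);	/* +1 for the terminating NUL */
	if (!bootaggr)
		return -1;

	/* … unchanged: calc_bootaggr() / append_bootaggr() loop … */

	bootaggr[offset] = '\0';
	printf("%s", bootaggr);
```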