From dc3897f011cbe65a504964a899d336bb7e3bb51d Mon Sep 17 00:00:00 2001
From: Mimi Zohar
Date: Tue, 18 Feb 2020 17:31:59 -0500
Subject: [PATCH] ima-evm-utils: treat unallocated banks as an error

The TPM spec differentiates between an unknown bank and an unallocated bank. In terms of re-calculating the PCR, treat them as equivalent.

Signed-off-by: Mimi Zohar
---
 src/evmctl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/evmctl.c b/src/evmctl.c
index ef1f289..74fe260 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1449,6 +1449,11 @@ static int tpm2_pcr_read(int idx, uint8_t *hwpcr, int len, char **errmsg)
 
 /* get the popen "cmd" return code */
 ret = pclose(fp);
+
+ /* Treat an unallocated bank as an error */
+ if (!ret && (strlen(pcr) < SHA_DIGEST_LENGTH))
+ ret = -1;
+
 if (!ret)
 hex2bin(hwpcr, pcr, SHA_DIGEST_LENGTH);
 else
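Review bot: The new guard `strlen(pcr) < SHA_DIGEST_LENGTH` compares the length of the hex text with the binary digest size, so a reply of at least SHA_DIGEST_LENGTH but fewer than 2 * SHA_DIGEST_LENGTH characters passes it and still reaches `hex2bin(hwpcr, pcr, SHA_DIGEST_LENGTH)`. hex2bin is defined outside this hunk, but if its count is in output bytes, as the call suggests, it consumes 2 * SHA_DIGEST_LENGTH hex digits and would decode whatever follows the terminator in pcr into the reported PCR value. Because that value is what the recalculated PCR is compared against, the check should fail closed on anything shorter than a full digest: `if (!ret && (strlen(pcr) < 2 * SHA_DIGEST_LENGTH))`. The return value of hex2bin is also ignored on the visible lines, so non-hex output is not rejected. tpm2_pcr_read begins before and continues after the hunk.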