    ima: Switch to dynamically allocated buffer for template digests · aa724fe1
    Roberto Sassu authored
    This patch dynamically allocates the array of tpm_digest structures in
    ima_alloc_init_template() and ima_restore_template_data(). The size of the
    array is equal to the number of PCR banks plus ima_extra_slots, to make
    room for SHA1 and the IMA default hash algorithm, when PCR banks with those
    algorithms are not allocated.
    
    Calculating the SHA1 digest is mandatory, as SHA1 still remains the default
    hash algorithm for the measurement list. When IMA supports the Crypto
    Agile format, the remaining digests will also be provided.
    
    The position in the measurement entry array of the SHA1 digest is stored in
    the ima_sha1_idx global variable and is determined at IMA initialization
    time.
    Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
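
The slot layout the commit message describes, as an added user-space model (not code from this commit or from the kernel): the array has one slot per allocated PCR bank, and extra slots are appended only when no bank uses SHA1 or the default hash algorithm. The `enum algo` values, `struct digest`, `struct slot_layout`, `hash_algo_idx`, `plan_slots()` and `alloc_entry_digests()` are hypothetical names; only `ima_sha1_idx` and `ima_extra_slots` come from the message.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for hash algorithm ids (not the kernel's enum). */
enum algo { ALGO_SHA1, ALGO_SHA256, ALGO_SHA384, ALGO_SHA512 };

#define MAX_DIGEST_SIZE 64

/* Simplified stand-in for struct tpm_digest. */
struct digest {
    enum algo alg;
    unsigned char data[MAX_DIGEST_SIZE];
};

/* Layout decided once at initialization and reused for every entry. */
struct slot_layout {
    int nr_banks;        /* allocated PCR banks */
    int ima_extra_slots; /* slots appended after the bank slots */
    int ima_sha1_idx;    /* position of the mandatory SHA1 digest */
    int hash_algo_idx;   /* position of the default-hash digest (model field) */
};

struct slot_layout plan_slots(const enum algo *banks, int nr_banks,
                              enum algo default_hash)
{
    struct slot_layout l = { nr_banks, 0, -1, -1 };

    /* Reuse a bank slot when a bank already uses the algorithm. */
    for (int i = 0; i < nr_banks; i++) {
        if (banks[i] == ALGO_SHA1)
            l.ima_sha1_idx = i;
        if (banks[i] == default_hash)
            l.hash_algo_idx = i;
    }
    /* No SHA1 bank: append a slot, shared if SHA1 is also the default. */
    if (l.ima_sha1_idx < 0) {
        l.ima_sha1_idx = nr_banks + l.ima_extra_slots++;
        if (default_hash == ALGO_SHA1)
            l.hash_algo_idx = l.ima_sha1_idx;
    }
    /* No bank for the default hash either: append another slot. */
    if (l.hash_algo_idx < 0)
        l.hash_algo_idx = nr_banks + l.ima_extra_slots++;
    return l;
}

/* Per-entry array of nr_banks + ima_extra_slots digests; NULL on failure. */
struct digest *alloc_entry_digests(const struct slot_layout *l)
{
    return calloc((size_t)(l->nr_banks + l->ima_extra_slots),
                  sizeof(struct digest));
}
```

Because every later access indexes the array through these stored positions, the allocation size and the indices have to come from the same one-time calculation.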
ima_api.c 11.1 KB