~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/integrity/ima/ima_init.c

Version: ~ [ linux-5.12-rc1 ] ~ [ linux-5.11.2 ] ~ [ linux-5.10.19 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.101 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.177 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.222 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.258 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.258 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright (C) 2005,2006,2007,2008 IBM Corporation
  3  *
  4  * Authors:
  5  * Reiner Sailer      <sailer@watson.ibm.com>
  6  * Leendert van Doorn <leendert@watson.ibm.com>
  7  * Mimi Zohar         <zohar@us.ibm.com>
  8  *
  9  * This program is free software; you can redistribute it and/or
 10  * modify it under the terms of the GNU General Public License as
 11  * published by the Free Software Foundation, version 2 of the
 12  * License.
 13  *
 14  * File: ima_init.c
 15  *             initialization and cleanup functions
 16  */
 17 #include <linux/module.h>
 18 #include <linux/scatterlist.h>
 19 #include <linux/slab.h>
 20 #include <linux/err.h>
 21 #include <crypto/hash_info.h>
 22 #include "ima.h"
 23 
 24 /* name for boot aggregate entry */
 25 static const char *boot_aggregate_name = "boot_aggregate";
 26 int ima_used_chip;
 27 
 28 /* Add the boot aggregate to the IMA measurement list and extend
 29  * the PCR register.
 30  *
 31  * Calculate the boot aggregate, a SHA1 over tpm registers 0-7,
 32  * assuming a TPM chip exists, and zeroes if the TPM chip does not
 33  * exist.  Add the boot aggregate measurement to the measurement
 34  * list and extend the PCR register.
 35  *
 36  * If a tpm chip does not exist, indicate the core root of trust is
 37  * not hardware based by invalidating the aggregate PCR value.
 38  * (The aggregate PCR value is invalidated by adding one value to
 39  * the measurement list and extending the aggregate PCR value with
 40  * a different value.) Violations add a zero entry to the measurement
 41  * list and extend the aggregate PCR value with ff...ff's.
 42  */
 43 static void __init ima_add_boot_aggregate(void)
 44 {
 45         struct ima_template_entry *entry;
 46         struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
 47         const char *op = "add_boot_aggregate";
 48         const char *audit_cause = "ENOMEM";
 49         int result = -ENOMEM;
 50         int violation = 0;
 51         struct {
 52                 struct ima_digest_data hdr;
 53                 char digest[TPM_DIGEST_SIZE];
 54         } hash;
 55 
 56         memset(iint, 0, sizeof(*iint));
 57         memset(&hash, 0, sizeof(hash));
 58         iint->ima_hash = &hash.hdr;
 59         iint->ima_hash->algo = HASH_ALGO_SHA1;
 60         iint->ima_hash->length = SHA1_DIGEST_SIZE;
 61 
 62         if (ima_used_chip) {
 63                 result = ima_calc_boot_aggregate(&hash.hdr);
 64                 if (result < 0) {
 65                         audit_cause = "hashing_error";
 66                         goto err_out;
 67                 }
 68         }
 69 
 70         result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
 71                                          NULL, 0, &entry);
 72         if (result < 0)
 73                 return;
 74 
 75         result = ima_store_template(entry, violation, NULL,
 76                                     boot_aggregate_name);
 77         if (result < 0)
 78                 ima_free_template_entry(entry);
 79         return;
 80 err_out:
 81         integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
 82                             audit_cause, result, 0);
 83 }
 84 
 85 int __init ima_init(void)
 86 {
 87         u8 pcr_i[TPM_DIGEST_SIZE];
 88         int rc;
 89 
 90         ima_used_chip = 0;
 91         rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i);
 92         if (rc == 0)
 93                 ima_used_chip = 1;
 94 
 95         if (!ima_used_chip)
 96                 pr_info("IMA: No TPM chip found, activating TPM-bypass!\n");
 97 
 98         rc = ima_init_crypto();
 99         if (rc)
100                 return rc;
101         rc = ima_init_template();
102         if (rc != 0)
103                 return rc;
104 
105         ima_add_boot_aggregate();       /* boot aggregate must be first entry */
106         ima_init_policy();
107 
108         return ima_fs_init();
109 }
110 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp