@@ -123,7 +123,6 @@ static int ima_measurements_show(struct seq_file *m, void *v)
struct ima_template_entry *e;
char *template_name;
int namelen;
- u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
bool is_ima_template = false;
int i;
@@ -137,10 +136,10 @@ static int ima_measurements_show(struct seq_file *m, void *v)
/*
* 1st: PCRIndex
- * PCR used is always the same (config option) in
- * little-endian format
+ * PCR used defaults to the same (config option) in
+ * little-endian format, unless set in policy
*/
- ima_putc(m, &pcr, sizeof(pcr));
+ ima_putc(m, &e->pcr, sizeof(e->pcr));
/* 2nd: template digest */
ima_putc(m, e->digest, TPM_DIGEST_SIZE);
@@ -219,7 +218,7 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
e->template_desc->name : e->template_desc->fmt;
/* 1st: PCR used (config option) */
- seq_printf(m, "%2d ", CONFIG_IMA_MEASURE_PCR_IDX);
+ seq_printf(m, "%2d ", e->pcr);
/* 2nd: SHA1 template hash */
ima_print_digest(m, e->digest, TPM_DIGEST_SIZE);
IMA assumes that the same default Kconfig PCR is extended for each entry. This patch replaces the default configured PCR with the policy defined PCR. Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com> --- security/integrity/ima/ima_fs.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)