[RFC,v2,2/4] ima: Use tpm_chip from init IMA namespace.

Message ID	20221031025946.298754-1-denis.semakin@huawei.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-integrity-owner@kernel.org> From: Denis Semakin <denis.semakin@huawei.com> To: <linux-integrity@vger.kernel.org> CC: <artem.kuzin@huawei.com>, <konstantin.meskhidze@huawei.com>, <yusongping@huawei.com>, <hukeping@huawei.com>, <roberto.sassu@huawei.com>, <krzysztof.struczynski@huawei.com>, <stefanb@linux.ibm.com>, <denis.semakin@huawei-partners.com> Subject: [RFC PATCH v2 2/4] ima: Use tpm_chip from init IMA namespace. Date: Mon, 31 Oct 2022 10:59:46 +0800 Message-ID: <20221031025946.298754-1-denis.semakin@huawei.com> In-Reply-To: <20221031025507.298323-1-denis.semakin@huawei.com> References: <20221031025507.298323-1-denis.semakin@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	Virtualize PCR for Container-IMA \| expand [RFC,v2,0/4] Virtualize PCR for Container-IMA [RFC,v2,1/4] ima: Introduce PCR virtualization for IMA namespace. [RFC,v2,2/4] ima: Use tpm_chip from init IMA namespace. [RFC,v2,3/4] ima: Create vpcr file on securityfs. [RFC,v2,4/4] ima: Extend the real PCR12 with tempPCR value.

Message ID

20221031025946.298754-1-denis.semakin@huawei.com (mailing list archive)

State

New, archived

Headers

From: Denis Semakin <denis.semakin@huawei.com>
To: <linux-integrity@vger.kernel.org>
CC: <artem.kuzin@huawei.com>, <konstantin.meskhidze@huawei.com>,
        <yusongping@huawei.com>, <hukeping@huawei.com>,
        <roberto.sassu@huawei.com>, <krzysztof.struczynski@huawei.com>,
        <stefanb@linux.ibm.com>, <denis.semakin@huawei-partners.com>
Subject: [RFC PATCH v2 2/4] ima: Use tpm_chip from init IMA namespace.
Date: Mon, 31 Oct 2022 10:59:46 +0800
Message-ID: <20221031025946.298754-1-denis.semakin@huawei.com>
In-Reply-To: <20221031025507.298323-1-denis.semakin@huawei.com>
References: <20221031025507.298323-1-denis.semakin@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

Virtualize PCR for Container-IMA | expand

Commit Message

Denis Semakin Oct. 31, 2022, 2:59 a.m. UTC

For now a child namespace uses the same tpm chip descriptor
from init namespace.

Signed-off-by: Denis Semakin <denis.semakin@huawei.com>
---
 security/integrity/ima/ima_init_ima_ns.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
index d29d113a322c..8093c61697a4 100644
--- a/security/integrity/ima/ima_init_ima_ns.c
+++ b/security/integrity/ima/ima_init_ima_ns.c
@@ -58,6 +58,14 @@  int ima_init_namespace(struct ima_namespace *ns)
 		mutex_init(&vpcr_list_mutex);
 		list_add(&ns->vpcr.list, &vpcr_list);
 	} else {
+		/**
+		 * Here we just assign tpm_chip from init_ima_ns
+		 * with new IMA namespace.
+		 * In future a new API should be used I think
+		 * Stefan's ima_ns_set_tpm_chip() and etc. to get
+		 * TPM chip descriptor and provider.
+		 */
+		ns->ima_tpm_chip = init_ima_ns.ima_tpm_chip;
 		mutex_lock(&vpcr_list_mutex);
 		list_add_tail(&ns->vpcr.list, &vpcr_list);
 		mutex_unlock(&vpcr_list_mutex);

[RFC,v2,2/4] ima: Use tpm_chip from init IMA namespace.

Commit Message

Patch