
[RFC,v1,1/3] ima: Add a UUID value for each vPCR

Message ID 20230127081953.7534-2-ilya.hanov@huawei-partners.com (mailing list archive)
State New, archived
Series ima: vPCR debug/security | expand

Commit Message

Ilya Hanov Jan. 27, 2023, 8:19 a.m. UTC
Signed-off-by: Ilya Hanov <ilya.hanov@huawei-partners.com>
---
 security/integrity/ima/ima.h             | 2 ++
 security/integrity/ima/ima_fs.c          | 1 +
 security/integrity/ima/ima_init_ima_ns.c | 1 +
 3 files changed, 4 insertions(+)

Patch

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 91da4dd11390..a717be9685ed 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -14,6 +14,7 @@ 
 #define __LINUX_IMA_H
 
 #include <linux/types.h>
+#include <linux/uuid.h>
 #include <linux/crypto.h>
 #include <linux/fs.h>
 #include <linux/security.h>
@@ -176,6 +177,7 @@  struct ima_namespace {
 	 */
 	int ima_extra_slots;
 	struct vpcr_entry vpcr;
+	uuid_t uuid;
 } __randomize_layout;
 extern struct ima_namespace init_ima_ns;
 
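Review bot: The new `uuid` member of `struct ima_namespace` carries no comment, and the commit message has no description, so a reader cannot tell what the identifier is for or whether it is meant to be stable, unique or secret. The patch title speaks of a UUID per vPCR, while the field sits on the namespace next to `vpcr`. A comment such as `/* random identifier for this namespace's vPCR; set in ima_init_namespace(), emitted by vpcr_show() */` would tie the three hunks together. The struct body starts outside this hunk.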
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index d2dc7749949b..cf9164d31599 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -635,6 +635,7 @@  static int vpcr_show(struct seq_file *m, void *v)
 						     vpcr);
 
 	ima_putc(m, "cPCR: ", strlen("cPCR: "));
+	ima_putc(m, curr_ns->uuid.b, UUID_SIZE);
 	ima_putc(m, vpcr->vpcr_tmp, SHA256_DIGEST_SIZE);
 
 	memcpy(buf, &temp_vpcr_hash.digest, SHA256_DIGEST_SIZE);
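Review bot: The 16 raw UUID bytes are inserted between the `cPCR: ` label and the `vpcr_tmp` digest in `vpcr_show()`, which shifts the offset of every following field for anything that already parses this file, and nothing in the record signals the new layout. If the file is also meant to be read by people (the series title mentions debug), printing the identifier as text, e.g. `seq_printf(m, "%pUb ", &curr_ns->uuid);`, would keep the labelled line readable; otherwise the layout change should be documented for consumers. From the visible lines the UUID appears only as an output prefix and is not part of the data copied into `buf`, so a verifier should probably treat it as an unauthenticated label rather than as proof of which namespace produced the value; a comment saying so would help. `vpcr_show()` starts and ends outside the hunk, so `curr_ns` and the rest of the record are not visible here.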
diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
index f22062b70977..33e6a18dc560 100644
--- a/security/integrity/ima/ima_init_ima_ns.c
+++ b/security/integrity/ima/ima_init_ima_ns.c
@@ -71,6 +71,7 @@  int ima_init_namespace(struct ima_namespace *ns)
 		mutex_unlock(&vpcr_list_mutex);
 	}
 
+	generate_random_uuid(ns->uuid.b);
 	get_random_bytes(&ns->vpcr.secret, sizeof(ns->vpcr.secret));
 
 	set_bit(IMA_NS_ACTIVE, &ns->ima_ns_flags);
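Review bot: `generate_random_uuid(ns->uuid.b)` reaches into the byte array of a `uuid_t`; the typed helper `uuid_gen(&ns->uuid);` from `<linux/uuid.h>` produces the same kind of random UUID and keeps the call independent of the struct layout. The call appears to sit outside the conditional block that closes at the top of the hunk, so it would run on every `ima_init_namespace()` call. If a namespace can be initialised more than once the identifier would change, and a one-line comment should state whether that is intended. The function body starts and ends outside the hunk.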