lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1580148098.5088.32.camel@linux.ibm.com>
Date:   Mon, 27 Jan 2020 13:01:38 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
        linux-integrity@...r.kernel.org
Cc:     Jerry Snitselaar <jsnitsel@...hat.com>,
        James Bottomley <James.Bottomley@...senPartnership.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] ima: support calculating the boot_aggregate based
 on different TPM banks

On Mon, 2020-01-27 at 08:50 -0800, Lakshmi Ramasubramanian wrote:
> On 1/27/2020 8:01 AM, Mimi Zohar wrote:
> 
> > +
> > +	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
> > +		if (ima_tpm_chip->allocated_banks[i].alg_id == d.alg_id)
> > +			break;
> > +	}
> > +
> > +	if (i == ima_tpm_chip->nr_allocated_banks)
> > +		d.alg_id = ima_tpm_chip->allocated_banks[0].alg_id;
> > +
> 
> Can the number of allocated banks (ima_tpm_chip->nr_allocated_banks) be 
> zero? Should that be checked before accessing "allocated_banks"?

Yes, that might be the true, but I think the solution is not fixing
the problem here, but when ima_tpm_chip is set in ima_init().
tpm_default_chip() should be modified to return a TPM with at least
one bank enabled; and ima_init() needs to go into TPM-bypass mode if
there isn't.

Can anyone look into this please?

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ