> > > @@ -404,16 +398,24 @@ static int __init > > > create_securityfs_measurement_lists(void) > > > char file_name[NAME_MAX + 1]; > > > struct dentry *dentry; > > > > > > - sprintf(file_name, "ascii_runtime_measurements_%s", > > > - hash_algo_name[algo]); > > > + if (algo == HASH_ALGO__LAST) > > > + sprintf(file_name, > > > "ascii_runtime_measurements_tpm_alg_%x", > > > + ima_tpm_chip->allocated_banks[i].alg_id); > > > + else > > > + sprintf(file_name, "ascii_runtime_measurements_%s", > > > + hash_algo_name[algo]); > > > dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP, > > > ima_dir, (void *)(uintptr_t)i, > > > &ima_ascii_measurements_ops); > > > if (IS_ERR(dentry)) > > > return PTR_ERR(dentry); > > > > > > - sprintf(file_name, "binary_runtime_measurements_%s", > > > - hash_algo_name[algo]); > > > + if (algo == HASH_ALGO__LAST) > > > + sprintf(file_name, > > > "binary_runtime_measurements_tpm_alg_%x", > > > + ima_tpm_chip->allocated_banks[i].alg_id); > > > > There's no point in creating either of the securityfs files if the kernel > > doesn't support the hash algorithm. > > It is not useful per se, but since it is an information that it is > produced and maintained by IMA, we can print it. And second, it will > expose the fact that there is an unsupported algorithm (in the case of > SHA3-256, the fix is add to the TPM - crypto subsystem mapping in tpm2- > cmd.c).
Yes, agreed. Dmitry, the Subject line implies the measurement lists aren't being created, yet you're actually creating them. Please update the patch description before re- posting. thanks, Mimi
