From 7b755443b565fe4976cabaa8b5e85cb9729bb921 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Mon, 19 Dec 2011 15:57:28 +0100 Subject: [PATCH] --- yaml --- r: 283259 b: refs/heads/master c: 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da h: refs/heads/master i: 283257: 1555cfe95f68a50f13cb7494de22117608af1dbb 283255: c8e433109612de4bec3a9c5914c5f34a2b8d6a69 v: v3 --- [refs] | 2 +- trunk/security/integrity/ima/ima_queue.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/[refs] b/[refs] index 7bfc842dcc1c..27f0b3868b8f 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 45fae7493970d7c45626ccd96d4a74f5f1eea5a9 +refs/heads/master: 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da diff --git a/trunk/security/integrity/ima/ima_queue.c b/trunk/security/integrity/ima/ima_queue.c index e1a5062b1f6a..55a6271bce7a 100644 --- a/trunk/security/integrity/ima/ima_queue.c +++ b/trunk/security/integrity/ima/ima_queue.c @@ -23,6 +23,8 @@ #include #include "ima.h" +#define AUDIT_CAUSE_LEN_MAX 32 + LIST_HEAD(ima_measurements); /* list of all measurements */ /* key: inode (before secure-hashing a file) */ @@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash) result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); if (result != 0) - pr_err("IMA: Error Communicating to TPM chip\n"); + pr_err("IMA: Error Communicating to TPM chip, result: %d\n", + result); return result; } @@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation, { u8 digest[IMA_DIGEST_SIZE]; const char *audit_cause = "hash_added"; + char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX]; int audit_info = 1; - int result = 0; + int result = 0, tpmresult = 0; mutex_lock(&ima_extend_list_mutex); if (!violation) { @@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation, if (violation) /* invalidate pcr */ memset(digest, 0xff, sizeof digest); - result = ima_pcr_extend(digest); - if (result != 0) { - audit_cause = "TPM error"; + tpmresult = ima_pcr_extend(digest); + if (tpmresult != 0) { + snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)", + tpmresult); + audit_cause = tpm_audit_cause; audit_info = 0; } out: