On Tue, 2018-12-04 at 15:40 -0800, Jarkko Sakkinen wrote:

On Tue, Dec 04, 2018 at 09:21:35AM +0100, Roberto Sassu wrote:

quoted

Currently the TPM driver allows other kernel subsystems to read only the
SHA1 PCR bank. This patch modifies the parameters of tpm_pcr_read() and
tpm2_pcr_read() to pass a tpm_digest structure, which contains the desired
hash algorithm. Also, since commit 125a22105410 ("tpm: React correctly to
RC_TESTING from TPM 2.0 self tests") removed the call to tpm2_pcr_read(),
the new parameter is expected to be always not NULL.

Due to the API change, IMA functions have been modified.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>

Reviewed-by: Jarkko Sakkinen <redacted>

Mimi, Nayna, can you help with testing this (because of the IMA change)?

It's up & running and the measurement list verifies against the TPM
PCR.  Although this system has two algorithms enabled, all of the PCRs
are allocated for one algorithm and none for the other.  I'm still
looking around for another system with PCR 10 enabled for multiple
algorithms.

Mimi