Thread: 25 messages, 4 authors, 2020-02-06

RE: [PATCH v2 2/8] ima: Switch to ima_hash_algo for boot aggregate

From: Roberto Sassu <roberto.sassu@huawei.com>
Date: 2020-02-06 12:28:22
Also in: linux-integrity, lkml, stable

-----Original Message-----
From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Thursday, February 6, 2020 1:17 PM
To: Roberto Sassu <roberto.sassu@huawei.com>;
James.Bottomley@HansenPartnership.com;
jarkko.sakkinen@linux.intel.com
Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
linux-kernel@vger.kernel.org; Silviu Vlasceanu
[off-list ref]; stable@vger.kernel.org
Subject: Re: [PATCH v2 2/8] ima: Switch to ima_hash_algo for boot
aggregate

On Thu, 2020-02-06 at 09:36 +0000, Roberto Sassu wrote:
Hi Roberto,

On Wed, 2020-02-05 at 11:33 +0100, Roberto Sassu wrote:

<snip>
Reported-by: Jerry Snitselaar <redacted>
Suggested-by: James Bottomley
[off-list ref]
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Cc'ing stable resulted in Sasha's automated message.  If you're going
to Cc stable, then please include the stable kernel release (e.g. Cc:
stable@vger.kernel.org # v5.3).  Also please include a "Fixes" tag.
Normally only bug fixes are backported.
Ok, will add the kernel version. I also thought about which commit I should
mention in the Fixes tag. IMA always read the SHA1 bank from the
beginning. I could mention the patch that introduces the new API
to read other banks, but I'm not sure. What do you think?
This patch is dependent on nr_allocated_banks.  Please try applying
this patch to the earliest stable kernel with the commit that
introduces nr_allocated_banks and test to make sure it works properly.
It also depends on 879b589210a9 ("tpm: retrieve digest size of unknown
algorithms with PCR read") which exported the mapping between TPM
algorithm ID and crypto ID, and changed the definition of tpm_pcr_read()
to read non-SHA1 PCR banks. It requires many patches, so backporting it
is not a trivial task. I think the earliest kernel this patch can be backported to
is 5.1.

Roberto