Implement ima_shutdown so that we can release the tpm_chip before devices are shut down. Register it as a low-priority reboot_notifier. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> --- security/integrity/ima/ima_init.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 29b72cd2502e..8a5258eb32b6 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -21,6 +21,7 @@ #include <linux/scatterlist.h> #include <linux/slab.h> #include <linux/err.h> +#include <linux/reboot.h> #include "ima.h" @@ -104,11 +105,24 @@ void __init ima_load_x509(void) } #endif +static int ima_shutdown(struct notifier_block *this, unsigned long action, + void *data) +{ + return NOTIFY_DONE; +} + +static struct notifier_block ima_reboot_notifier = { + .notifier_call = ima_shutdown, + .priority = 0, +}; + int __init ima_init(void) { u8 pcr_i[TPM_DIGEST_SIZE]; int rc; + register_reboot_notifier(&ima_reboot_notifier); + ima_used_chip = 0; rc = tpm_pcr_read(NULL, 0, pcr_i); if (rc == 0) -- 2.13.6