On 12/11/2019 3:45 AM, Roberto Sassu wrote:
> For the first part, the patch will be very simple, as IMA will just query the TPM to get the list of hash algorithms and will calculate all the digests in ima_calc_field_array_hash().
This query is probably for the allocated PCR banks. I.e., a TPM may implement more hash algorithms than it allocates PCR banks.
For example, my hardware TPM reports 3 implemented hash algorithms, but it only allocates 2 PCR banks.

$ getcapability -cap 5
3 PCR selections
    hash TPM_ALG_SHA1
    TPMS_PCR_SELECTION length 3
    ff ff ff
    hash TPM_ALG_SHA256
    TPMS_PCR_SELECTION length 3
    ff ff ff
    hash TPM_ALG_SHA384
    TPMS_PCR_SELECTION length 3
    00 00 00
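
The distinction drawn in the reply above, as an added example that is not part of the original message or of the IMA patch: it walks the TPML_PCR_SELECTION structure a TPM returns for capability 5 (TPM_CAP_PCRS) and keeps only the banks whose pcrSelect bitmap has at least one bit set. The function name `allocated_banks` and the sample bytes are constructed for illustration, with the bytes laid out to match the output quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: TPML_PCR_SELECTION body matching the quoted output.
 * Layout: UINT32 count, then per bank UINT16 hash, UINT8 sizeofSelect, bitmap. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x00, 0x03,
    0x00, 0x04, 0x03, 0xff, 0xff, 0xff,   /* TPM_ALG_SHA1,   all PCRs selected */
    0x00, 0x0b, 0x03, 0xff, 0xff, 0xff,   /* TPM_ALG_SHA256, all PCRs selected */
    0x00, 0x0c, 0x03, 0x00, 0x00, 0x00,   /* TPM_ALG_SHA384, no PCRs selected  */
};

/* Store in out[] the algorithm IDs of banks with at least one PCR selected.
 * Returns the number of such banks, or -1 if the buffer is truncated or
 * out[] is too small. (Hypothetical helper, not a kernel or TSS function.) */
int allocated_banks(const uint8_t *buf, size_t len, uint16_t *out, size_t max)
{
    size_t pos = 4, n = 0;
    uint32_t count;

    if (len < 4)
        return -1;
    count = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
            (uint32_t)buf[2] << 8 | buf[3];
    for (uint32_t i = 0; i < count; i++) {
        if (len - pos < 3)                /* need hash + sizeofSelect */
            return -1;
        uint16_t alg = (uint16_t)(buf[pos] << 8 | buf[pos + 1]);
        uint8_t size = buf[pos + 2], any = 0;
        pos += 3;
        if (len - pos < size)             /* bitmap must fit in the buffer */
            return -1;
        for (uint8_t j = 0; j < size; j++)
            any |= buf[pos + j];
        pos += size;
        if (!any)
            continue;                     /* implemented, but no bank allocated */
        if (n == max)
            return -1;
        out[n++] = alg;
    }
    return (int)n;
}

int main(void)
{
    uint16_t algs[8];
    int n = allocated_banks(sample, sizeof(sample), algs, 8);
    for (int i = 0; i < n; i++)
        printf("allocated bank: alg 0x%04x\n", algs[i]);
    return n < 0;
}
```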