For both kernel with and without CONFIG_IMA=y. NOTE: ima_boot_aggregate was added in dc00c92, without TPM 2.0 it just reported: EVP_DigestInit() failed (null): Fixes: 917317a ("ima_evm_utils: emit the per TPM PCR bank "boot_aggregate" values") Signed-off-by: Petr Vorel <pvorel@xxxxxxx>
---
 src/evmctl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 1d065ce..94ec56b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1998,11 +1998,17 @@ static int cmd_ima_bootaggr(struct command *cmd)
 * Format: <hash algorithm name>:<boot_aggregate digest>\n ...
 */
 for (i = 0; i < num_banks; i++) {
- if (!tpm_banks[i].supported)
+ if (!tpm_banks[i].supported || !tpm_banks[i].algo_name)
 continue;
 bootaggr_len += strlen(tpm_banks[i].algo_name) + 1;
 bootaggr_len += (tpm_banks[i].digest_size * 2) + 1;
 }
+
+ if (!bootaggr_len) {
+ log_info("No TPM 2.0 PCR bank algorithm found (no TPM 2.0?)\n");
+ return -1;
+ }
+
 bootaggr = malloc(bootaggr_len);
 
 /*
@@ -2012,7 +2018,7 @@ static int cmd_ima_bootaggr(struct command *cmd)
 * strings.
 */
 for (i = 0; i < num_banks; i++) {
- if (!tpm_banks[i].supported)
+ if (!tpm_banks[i].supported || !tpm_banks[i].algo_name)
 continue;
 calc_bootaggr(&tpm_banks[i]);
 offset += append_bootaggr(bootaggr + offset, tpm_banks + i);
-- 
2.27.0.rc0
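Review bot: The `bootaggr = malloc(bootaggr_len);` context line at the end of the first hunk has no NULL check in the visible lines, while the second hunk's loop writes through `bootaggr + offset`. With the zero-length case now returning early, allocation failure is the remaining path to a NULL write; `if (!bootaggr) { log_err("Out of memory\n"); return -1; }` directly after the malloc would close it. The three lines between the two hunks are not shown, so confirm no check already sits there. Separately, the new failure path returns -1 but reports through `log_info`; if that level can be filtered out by verbosity settings, the command would fail without a message, so `log_err` may be the better fit.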
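Review bot: The guard `!tpm_banks[i].supported || !tpm_banks[i].algo_name` in the second hunk has to stay identical to the one in the sizing loop of the first hunk, and nothing in the code says so. `bootaggr_len` is computed only from the banks the first loop accepts, and `append_bootaggr()` is called with `bootaggr + offset` and no length argument visible here, so a later edit that changes one condition but not the other could let the write loop run past the allocation. I would add `/* must match the filter used to compute bootaggr_len */` above both tests, or move the test into a small static helper that both loops call. The loop body continues outside the hunk.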