Signed-off-by: Ilya Hanov <ilya.hanov@xxxxxxxxxxxxxxxxxxx>
---
 security/integrity/ima/ima_init_ima_ns.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/security/integrity/ima/ima_init_ima_ns.c b/security/integrity/ima/ima_init_ima_ns.c
index 33e6a18dc560..5ce3e42b6caa 100644
--- a/security/integrity/ima/ima_init_ima_ns.c
+++ b/security/integrity/ima/ima_init_ima_ns.c
@@ -6,7 +6,11 @@
 * Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
 */
+#ifdef CONFIG_HW_RANDOM_TPM
+#include <linux/tpm.h>
+#else /* !CONFIG_HW_RANDOM_TPM */
 #include <linux/random.h>
+#endif /* CONFIG_HW_RANDOM_TPM */
 #include "ima.h"
 LIST_HEAD(vpcr_list);
@@ -72,7 +76,14 @@ int ima_init_namespace(struct ima_namespace *ns)
 }
 generate_random_uuid(ns->uuid.b);
+#ifdef CONFIG_HW_RANDOM_TPM
+ ret = tpm_get_random(ns->ima_tpm_chip, ns->vpcr.secret,
+ sizeof(ns->vpcr.secret));
+ if (ret < 0)
+ goto err_destroy_cache;
+#else /* !CONFIG_HW_RANDOM_TPM */
 get_random_bytes(&ns->vpcr.secret, sizeof(ns->vpcr.secret));
+#endif /* CONFIG_HW_RANDOM_TPM */
 set_bit(IMA_NS_ACTIVE, &ns->ima_ns_flags);
--
2.17.1
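Review bot: Gating on `CONFIG_HW_RANDOM_TPM` in this include hunk (and again in the ima_init_namespace() hunk) ties the choice of secret source to an option that, as far as I know, only controls whether the TPM is exposed as a hwrng device, not whether a usable chip is present at run time. Making the two includes mutually exclusive is also fragile, because anything else in this file that relies on `<linux/random.h>` loses its declarations when the option is set. I would include both headers unconditionally, `#include <linux/random.h>` followed by `#include <linux/tpm.h>`, and make the choice of source at run time inside ima_init_namespace().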
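Review bot: The `if (ret < 0)` check after `tpm_get_random()` accepts a short read: that function returns the number of bytes it actually obtained, which can be smaller than `sizeof(ns->vpcr.secret)`, so part of the vPCR secret could be left at whatever the buffer held before. Compare against the full length and turn a short count into an error, e.g. `if (ret != (int)sizeof(ns->vpcr.secret)) { ret = ret < 0 ? ret : -EIO; goto err_destroy_cache; }`. On success `ret` now holds a positive byte count, so if the code after this hunk returns `ret` it needs resetting to 0; the rest of ima_init_namespace() and the `err_destroy_cache` label are outside the hunk, so that has to be checked there. A kernel built with the option but running without a working TPM would now fail namespace creation instead of keying from the kernel CRNG; falling back to `get_random_bytes()` on error would keep the previous behaviour.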