runtime_measurements_<hash-algo> sysfs files are getting created for each PCR bank + for SHA-1. Now that runtime_measurements_<hash-algo> sysfs file creation is being skipped for unsupported hash algorithms, it will become possible that no such file would be provided at all once SHA-1 is made optional in a later patch. Always create the file for the 'ima_hash' algorithm, even if it's not associated with any of the PCR banks. As IMA initialization will continue to fail if the ima_hash algorithm is not available to the kernel, this guarantees that at least one such file will always be there. Signed-off-by: Nicolai Stange <nstange@xxxxxxx> --- security/integrity/ima/ima_fs.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index a8df2fe5f4cb..f030ff7f56da 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -436,10 +436,8 @@ static int __init create_securityfs_measurement_lists(void) u16 algo; int i; - securityfs_measurement_list_count = NR_BANKS(ima_tpm_chip); - - if (ima_sha1_idx >= NR_BANKS(ima_tpm_chip)) - securityfs_measurement_list_count++; + securityfs_measurement_list_count = + NR_BANKS(ima_tpm_chip) + ima_extra_slots; ascii_securityfs_measurement_lists = kcalloc(securityfs_measurement_list_count, sizeof(struct dentry *), -- 2.47.1
