[PATCH v4] ima_fs: Avoid creating measurement lists for unsupported hash algos

Dmitry Safonov dima at arista.com
Mon Feb 23 14:59:28 UTC 2026


Hi Roberto,

On Thu, Feb 19, 2026 at 8:55 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> On Tue, 2026-01-27 at 16:20 +0100, Roberto Sassu wrote:
> > On Tue, 2026-01-27 at 15:03 +0000, Dmitry Safonov via B4 Relay wrote:
> > > From: Dmitry Safonov <dima at arista.com>
> > >
> > > ima_init_crypto() skips initializing ima_algo_array[i] if the algorithm
> > > from ima_tpm_chip->allocated_banks[i].crypto_id is not supported.
> > > It seems avoiding adding the unsupported algorithm to ima_algo_array will
> > > break all the logic that relies on indexing by NR_BANKS(ima_tpm_chip).
> >
> > The patch looks good, although I didn't try yet myself.
> >
> > I would make the commit message slightly better, with a more fluid
> > explanation.
> >
> > ima_tpm_chip->allocated_banks[i].crypto_id is initialized to
> > HASH_ALGO__LAST if the TPM algorithm is not supported. However there
> > are places relying on the algorithm to be valid because it is accessed
> > by hash_algo_name[].
> >
> > Thus solve the problem by creating a file name that does not depend on
> > the crypto algorithm to be initialized, ...
> >
> > Also print the template entry digest as populated by IMA.
> >
> > Something along these lines.
> >
> > Also, I have a preference for lower case instead of capital case for
> > the file name, given the other names.
>
> Hi Dmitry
>
> do you have time to make these small changes, so that we queue the
> patch for the next kernel?

I've just sent v5. Sorry for the delay — I got busy with the local release bugs.

Thanks,
           Dmitry


