[PATCH] ima: Add digest_size field to ima_algo_desc structure and use to show meas.

Mimi Zohar zohar at linux.ibm.com
Wed Feb 25 19:47:32 UTC 2026


On Wed, 2026-02-25 at 13:37 -0500, Mimi Zohar wrote:
> On Wed, 2026-02-25 at 13:53 +0100, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu at huawei.com>
> > 
> > Add the digest_size field to the ima_algo_desc structure to determine the
> > digest size from the correct source.
> > 
> > If the hash algorithm is among allocated PCR banks, take the value from the
> > TPM bank info; if the hash algorithm is SHA1, use the predefined value; if
> > the hash algorithm is the default one but not among the PCR banks, take the
> > digest size from the crypto subsystem (the default hash algorithm is
> > checked when parsing the ima_hash= command line option).
> > 
> > Finally, use the new information to correctly show the template digest in
> > ima_measurements_show() and ima_ascii_measurements_show().
> > 
> > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> 
> Thanks, Roberto.  The patch looks fine, other than the patch title.  Could it be
> renamed as "ima: define and use a digest_size field in the ima_algo_desc
> structure"?

The original design relied on the kernel's hash algorithm size.  This patch
changes it to use the TPM's hash algorithm size, without comparing it to the
kernel's definition.

At minimum, this change in design should be noted above in the patch
description.

Mimi
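
The three-way source selection described in the quoted patch description, as an added stand-alone model (not code from the patch or from the kernel). All type and function names, the crypto_size table and the sample banks are hypothetical; the "differs" flag is an illustration of the comparison the reply says the patch does not make.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; these are not the kernel's definitions. */
enum algo { ALGO_SHA1, ALGO_SHA256, ALGO_SHA384, ALGO_SHA512, ALGO_COUNT };

/* Stand-in for the digest sizes the crypto subsystem would report. */
static const unsigned crypto_size[ALGO_COUNT] = { 20, 32, 48, 64 };

struct bank { enum algo algo; unsigned digest_size; };  /* as reported by the TPM */
struct choice { unsigned size; const char *source; int differs; };

/* Constructed sample: the second bank reports a size that disagrees with crypto_size. */
static const struct bank sample_banks[] = { { ALGO_SHA256, 32 }, { ALGO_SHA384, 32 } };

/* Pick the digest size in the order the patch description gives. */
struct choice pick_digest_size(enum algo a, const struct bank *banks, size_t n,
                               enum algo default_algo)
{
    struct choice c = { 0, "none", 0 };

    for (size_t i = 0; i < n; i++) {
        if (banks[i].algo != a)
            continue;
        c.size = banks[i].digest_size;          /* 1. allocated PCR bank: TPM bank info */
        c.source = "tpm-bank";
        c.differs = (c.size != crypto_size[a]); /* added check, not in the patch */
        return c;
    }
    if (a == ALGO_SHA1) {                       /* 2. SHA1: predefined value */
        c.size = 20;
        c.source = "sha1-constant";
    } else if (a == default_algo) {             /* 3. default algo outside the banks */
        c.size = crypto_size[a];
        c.source = "crypto";
    }
    return c;                                   /* size 0: no source applies */
}

int main(void)
{
    static const char *names[ALGO_COUNT] = { "sha1", "sha256", "sha384", "sha512" };

    for (int a = 0; a < ALGO_COUNT; a++) {
        struct choice c = pick_digest_size((enum algo)a, sample_banks, 2, ALGO_SHA512);
        printf("%-6s size=%2u source=%-13s differs=%d\n", names[a], c.size, c.source, c.differs);
    }
    return 0;
}
```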


