On Mon, 2026-02-23 at 14:56 +0000, Dmitry Safonov via B4 Relay wrote:
> From: Dmitry Safonov <[email protected]>
> 
> ima_tpm_chip->allocated_banks[i].crypto_id is initialized to
> HASH_ALGO__LAST if the TPM algorithm is not supported. However there
> are places relying on the algorithm to be valid because it is accessed
> by hash_algo_name[].

If the TPM algorithm is not supported by whom? The kernel?  HASH_ALGO__LAST is
defined in linux/hash_info.h.  If the crypto algorithm is not supported by the
kernel, then the kernel won't be able to calculate the hash to extend the TPM.

> @@ -404,16 +398,24 @@ static int __init 
> create_securityfs_measurement_lists(void)
>               char file_name[NAME_MAX + 1];
>               struct dentry *dentry;
>  
> -             sprintf(file_name, "ascii_runtime_measurements_%s",
> -                     hash_algo_name[algo]);
> +             if (algo == HASH_ALGO__LAST)
> +                     sprintf(file_name, 
> "ascii_runtime_measurements_tpm_alg_%x",
> +                             ima_tpm_chip->allocated_banks[i].alg_id);
> +             else
> +                     sprintf(file_name, "ascii_runtime_measurements_%s",
> +                             hash_algo_name[algo]);
>               dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
>                                               ima_dir, (void *)(uintptr_t)i,
>                                               &ima_ascii_measurements_ops);
>               if (IS_ERR(dentry))
>                       return PTR_ERR(dentry);
>  
> -             sprintf(file_name, "binary_runtime_measurements_%s",
> -                     hash_algo_name[algo]);
> +             if (algo == HASH_ALGO__LAST)
> +                     sprintf(file_name, 
> "binary_runtime_measurements_tpm_alg_%x",
> +                             ima_tpm_chip->allocated_banks[i].alg_id);

There's no point in creating either of the securityfs files if the kernel
doesn't support the hash algorithm.

Mimi


> +             else
> +                     sprintf(file_name, "binary_runtime_measurements_%s",
> +                             hash_algo_name[algo]);
>               dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
>                                               ima_dir, (void *)(uintptr_t)i,
>                                               &ima_measurements_ops);
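
Review bot: the `algo == HASH_ALGO__LAST` test is open-coded twice in create_securityfs_measurement_lists(), once for the ascii file name and once for the binary one, with only the prefix differing. Building the per-bank suffix once, before the two securityfs_create_file() calls, would keep the two names from drifting apart and shorten both branches. The fallback name also prints `alg_id` with a bare `%x`, so a name ending in, say, `tpm_alg_12` cannot be told apart from a decimal value by anything parsing it; a fixed-width form such as `%04x` would be unambiguous. Since these names are visible to userspace through securityfs, the new `tpm_alg_` naming should be documented alongside the change.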

