[PATCH 1 of 4] ima: related TPM device driver internal kernel interface

The IBM Integrity Measurement Architecture (IMA) is being submitted for 
inclusion by Reiner Sailer.  The IMA is an LSM that uses TPM 
functionality.  This patch provides an internal kernel interface for 
IMA and any other subsystems to access TPM functionality.  A subsystem 
first requests the chip it is trying to access with the tpm_chip_lookup 
function and then submits TPM commands to that chip with the tpm_transmit 
function.  For security reasons IMA needs to be built into the 
kernel.  In order for the TPM driver to be available during IMA 
initialization, the module_init is replaced with an fs_initcall when the 
driver is built into the kernel.

This patch should apply against 2.6.12-rc4-mm2 plus the patch I submitted 
on May 16 to remove the unnecessary lpc initialization stuff.

Signed-off-by: Kylene Hall <[email protected]>
---
--- linux-2.6.12-rc4/drivers/char/tpm/tpm.c.orig	2005-05-17 14:15:53.000000000 -0500
+++ linux-2.6.12-rc4/drivers/char/tpm/tpm.c	2005-05-17 14:18:56.000000000 -0500
@@ -50,15 +50,35 @@ static void user_reader_timeout(unsigned
 }
 
 /*
+ * This function should be used by other kernel subsystems attempting to use the tpm through the tpm_transmit interface.
+ * A call to this function will return the chip structure corresponding to the TPM you are looking for that can then be sent with your command to tpm_transmit.
+ * Passing 0 as the argument corresponds to /dev/tpm0 and thus the first and probably primary TPM on the system.  Passing 1 corresponds to /dev/tpm1 and the next TPM discovered.  If a TPM with the given chip_num does not exist NULL will be returned.  
+ */
+struct tpm_chip* tpm_chip_lookup(int chip_num)
+{
+
+	struct tpm_chip *pos;
+	list_for_each_entry(pos, &tpm_chip_list, list)
+		if (pos->dev_num == chip_num)
+			return pos;
+
+	return NULL;
+
+}
+
+/*
  * Internal kernel interface to transmit TPM commands
  */
-static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
 			    size_t bufsiz)
 {
 	ssize_t rc;
 	u32 count;
 	unsigned long stop;
 
+	if ( !chip )
+		return -ENODEV;
+
 	count = be32_to_cpu(*((__be32 *) (buf + 2)));
 
 	if (count == 0)
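
Review bot: tpm_chip_lookup() walks tpm_chip_list with no lock taken in the lines shown and returns the chip pointer without taking a reference, so nothing in this hunk stops a caller from holding a chip after its device has been removed. Suggest holding whatever lock protects tpm_chip_list around list_for_each_entry() and pinning the chip before returning it, with a matching release call for callers. In tpm_transmit(), the new NULL check on chip is fine, but the following line still reads four bytes at buf + 2 before bufsiz has been compared against the header size; now that the function is no longer static, a length check should come first. Style: the new comment lines run far past 80 columns, "if ( !chip )" should be "if (!chip)", and "struct tpm_chip* tpm_chip_lookup" should place the asterisk as the tpm.h prototype does.
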
@@ -110,6 +130,7 @@ out:
 	up(&chip->tpm_mutex);
 	return rc;
 }
+EXPORT_SYMBOL_GPL(tpm_transmit);
 
 #define TPM_DIGEST_SIZE 20
 #define CAP_PCR_RESULT_SIZE 18
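
Review bot: only tpm_transmit gets an EXPORT_SYMBOL_GPL here; tpm_chip_lookup(), added earlier in this file and declared extern in tpm.h, has no export anywhere in this patch, so a modular user could call transmit but has no exported way to obtain the chip. Add EXPORT_SYMBOL_GPL(tpm_chip_lookup) after its definition, or, if only built-in callers are intended, state that in the comment above tpm_transmit.
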
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm.h	2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm.h	2005-05-02 14:08:44.000000000 -0500
@@ -91,3 +91,8 @@ extern ssize_t tpm_read(struct file *, c
 extern void __devexit tpm_remove(struct pci_dev *);
 extern int tpm_pm_suspend(struct pci_dev *, pm_message_t);
 extern int tpm_pm_resume(struct pci_dev *);
+
+/* internal kernel interface */
+extern ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+			    size_t bufsiz);
+extern struct tpm_chip *tpm_chip_lookup(int chip_num);
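
Review bot: the prototypes for the new cross-subsystem interface are added to drivers/char/tpm/tpm.h, a header that lives inside the driver directory, so IMA or any other user would have to include a path under drivers/char/tpm. Suggest a header under include/linux for these two declarations, with a comment stating what tpm_transmit expects in buf and bufsiz and what it returns (the code in this patch returns -ENODEV for a NULL chip).
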
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_atmel.c	2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_atmel.c	2005-05-02 14:06:35.000000000 -0500
@@ -207,7 +207,11 @@ static void __exit cleanup_atmel(void)
 	pci_unregister_driver(&atmel_pci_driver);
 }
 
+#ifdef MODULE
 module_init(init_atmel);
+#else
+fs_initcall(init_atmel);
+#endif
 module_exit(cleanup_atmel);
 
 MODULE_AUTHOR("Leendert van Doorn ([email protected])");
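
Review bot: the #ifdef MODULE block around the init call carries no comment saying why the built-in case uses fs_initcall; the reason (the TPM driver must be available during IMA initialization) appears only in the mail text. Add a short comment, and since the same five lines are repeated for init_nsc in tpm_nsc.c, consider a single macro in tpm.h so the ordering rule is stated once. When the driver is built as a module, nothing here orders it ahead of a built-in caller, which will then get NULL from tpm_chip_lookup and -ENODEV from tpm_transmit; callers need to handle that case.
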
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_nsc.c	2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_nsc.c	2005-05-02 14:09:34.000000000 -0500
@@ -364,7 +364,11 @@ static void __exit cleanup_nsc(void)
 	pci_unregister_driver(&nsc_pci_driver);
 }
 
+#ifdef MODULE
 module_init(init_nsc);
+#else
+fs_initcall(init_nsc);
+#endif
 module_exit(cleanup_nsc);
 
 MODULE_AUTHOR("Leendert van Doorn ([email protected])");
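
A caller-side check for the buffer handed to tpm_transmit, as an added example that is not part of the patch or of the kernel tree: userspace C that validates the length field at offset 2 before a command is submitted. The helper name tpm_cmd_len_checked, the 10-byte TPM 1.2 header size and the sample buffers are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 1.2 command header: tag (2 bytes), paramSize (4), ordinal (4). */
#define TPM_HEADER_SIZE 10

/* Big-endian 32-bit read, byte by byte, so alignment does not matter. */
static uint32_t get_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper, not in the patch: return the command length from
 * the header, or a negative errno if the buffer cannot hold that command.
 */
long tpm_cmd_len_checked(const unsigned char *buf, size_t bufsiz)
{
	uint32_t count;

	if (!buf || bufsiz < TPM_HEADER_SIZE)
		return -EINVAL;		/* header itself is missing or truncated */
	count = get_be32(buf + 2);	/* the field the driver reads at buf + 2 */
	if (count < TPM_HEADER_SIZE)
		return -ENODATA;	/* length cannot even cover the header */
	if (count > bufsiz)
		return -E2BIG;		/* header claims more than was supplied */
	return (long)count;
}

/* Constructed samples: a well-formed header, and one claiming 256 bytes. */
static const unsigned char sample_ok[10]  = { 0x00, 0xC1, 0, 0, 0, 10, 0, 0, 0, 0x99 };
static const unsigned char sample_big[10] = { 0x00, 0xC1, 0, 0, 1, 0,  0, 0, 0, 0x99 };

int main(void)
{
	printf("ok:        %ld\n", tpm_cmd_len_checked(sample_ok, sizeof(sample_ok)));
	printf("oversized: %ld\n", tpm_cmd_len_checked(sample_big, sizeof(sample_big)));
	printf("truncated: %ld\n", tpm_cmd_len_checked(sample_ok, 5));
	return 0;
}
```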