The IBM Integrity Measurement Architecture (IMA) is being submitted for
inclusion by Reiner Sailer. The IMA is a LSM that uses TPM
functionality. This patch provides and internal kernel interface for
IMA and any other subsystems to access TPM functionality. A subsystem
first requests the chip it is trying to access with the tpm_chip_lookup
function and then submitts TPM commands to that chip with the tpm_transmit
function. For security reasons IMA needs to be built into the
kernel, in order for the TPM driver to be available during IMA
initialization the module_init is replaced with an fs_initcall when the
driver is built into the kernel.
This patch should apply against 2.6.12-rc4-mm2 plus the patch I submitted
on May 16 to remove the unnecessary lpc initialization stuff.
Signed-off-by: Kylene Hall <[email protected]>
---
--- linux-2.6.12-rc4/drivers/char/tpm/tpm.c.orig 2005-05-17 14:15:53.000000000 -0500
+++ linux-2.6.12-rc4/drivers/char/tpm/tpm.c 2005-05-17 14:18:56.000000000 -0500
@@ -50,15 +50,35 @@ static void user_reader_timeout(unsigned
}
/*
+ * This function should be used by other kernel subsystems attempting to use the tpm through the tpm_transmit interface.
+ * A call to this function will return the chip structure corresponding to the TPM you are looking for that can then be sent with your command to tpm_transmit.
+ * Passing 0 as the argument corresponds to /dev/tpm0 and thus the first and probably primary TPM on the system. Passing 1 corresponds to /dev/tpm1 and the next TPM discovered. If a TPM with the given chip_num does not exist NULL will be returned.
+ */
+struct tpm_chip* tpm_chip_lookup(int chip_num)
+{
+
+ struct tpm_chip *pos;
+ list_for_each_entry(pos, &tpm_chip_list, list)
+ if (pos->dev_num == chip_num)
+ return pos;
+
+ return NULL;
+
+}
+
+/*
* Internal kernel interface to transmit TPM commands
*/
-static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
size_t bufsiz)
{
ssize_t rc;
u32 count;
unsigned long stop;
+ if ( !chip )
+ return -ENODEV;
+
count = be32_to_cpu(*((__be32 *) (buf + 2)));
if (count == 0)
@@ -110,6 +130,7 @@ out:
up(&chip->tpm_mutex);
return rc;
}
+EXPORT_SYMBOL_GPL(tpm_transmit);
#define TPM_DIGEST_SIZE 20
#define CAP_PCR_RESULT_SIZE 18
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm.h 2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm.h 2005-05-02 14:08:44.000000000 -0500
@@ -91,3 +91,8 @@ extern ssize_t tpm_read(struct file *, c
extern void __devexit tpm_remove(struct pci_dev *);
extern int tpm_pm_suspend(struct pci_dev *, pm_message_t);
extern int tpm_pm_resume(struct pci_dev *);
+
+/* internal kernel interface */
+extern ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+ size_t bufsiz);
+extern struct tpm_chip *tpm_chip_lookup(int chip_num);
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_atmel.c 2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_atmel.c 2005-05-02 14:06:35.000000000 -0500
@@ -207,7 +207,11 @@ static void __exit cleanup_atmel(void)
pci_unregister_driver(&atmel_pci_driver);
}
+#ifdef MODULE
module_init(init_atmel);
+#else
+fs_initcall(init_atmel);
+#endif
module_exit(cleanup_atmel);
MODULE_AUTHOR("Leendert van Doorn ([email protected])");
--- linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_nsc.c 2005-04-20 19:03:13.000000000 -0500
+++ linux-2.6.12-rc3-ima/drivers/char/tpm/tpm_nsc.c 2005-05-02 14:09:34.000000000 -0500
@@ -364,7 +364,11 @@ static void __exit cleanup_nsc(void)
pci_unregister_driver(&nsc_pci_driver);
}
+#ifdef MODULE
module_init(init_nsc);
+#else
+fs_initcall(init_nsc);
+#endif
module_exit(cleanup_nsc);
MODULE_AUTHOR("Leendert van Doorn ([email protected])");
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]