On Tue, 2026-01-27 at 09:55 +0000, Dmitry Safonov wrote: > On Tue, Jan 27, 2026 at 9:15 AM Roberto Sassu > <[email protected]> wrote: > > > > On Tue, 2026-01-27 at 03:05 +0000, Dmitry Safonov via B4 Relay wrote: > > > From: Dmitry Safonov <[email protected]> > > > > > > ima_init_crypto() skips initializing ima_algo_array[i] if the alogorithm > > > > Algorithm. > > Thanks. > > [..] > > > --- a/security/integrity/ima/ima_fs.c > > > +++ b/security/integrity/ima/ima_fs.c > > > @@ -404,6 +404,9 @@ static int __init > > > create_securityfs_measurement_lists(void) > > > char file_name[NAME_MAX + 1]; > > > struct dentry *dentry; > > > > > > + if (algo == HASH_ALGO__LAST) > > > + continue; > > > + > > > sprintf(file_name, "ascii_runtime_measurements_%s", > > > hash_algo_name[algo]); > > > > Thanks, but I think we can also print the unsupported digests, since > > they are there. Since we don't have the algorithm name, we can make > > ours like tpm_<algo hex>. > > I'm not quite sure what you mean. `algo` here is HASH_ALGO__LAST as > you see by the check added. As it's initialized by > ima_tpm_chip->allocated_banks[i].crypto_id, I presume it's > HASH_ALGO__LAST there as well (didn't check this assumption though). > Do you mean to print hex value of HASH_ALGO__LAST?
Even if you don't have the crypto ID because the TPM ID is not mapped, you can still use the TPM ID (ima_tpm_chip->allocated_banks[i].alg_id). I wanted to have a file name that includes the TPM ID. Roberto > > Once this is fixed, you can try to make SHA3_256 supported. Add the > > TPM_ALG_SHA3_256 definition in tpm.h and the mapping in tpm2-cmd.c > > (array tpm2_hash_map). > > Yeah, I thought of doing this, asked the related folks and they said > it might be worth if it's a simple/trivial patch. Will try if time > permits, somewhat busy with bug fixes at this moment. This one is just > a fix for read out-of-bounds for -stable (and I managed to forget to > Cc them! hehe). > > Going to send v2 with the typo fix and -stable Cc'ed if that sounds good to > you. > > > > > Thanks > > > > Roberto > [..] > > Thanks, > Dmitry
