This patch set introduces IMA's Root of Trust (RoT), which is to support new RoT implementations such as Intel TDX and VirtCCA, as well as the classic TPM.
Reference for Intel TDX with IMA: https://www.intel.cn/content/www/cn/zh/developer/articles/community/runtime-...
Reference for VirtCCA: https://gitee.com/openeuler/kernel/blob/OLK-6.6/Documentation/virtcca/virtcc...
GONG Ruiqi (5): ima: rot: Introduce basic framework ima: rot: Prepare TPM as an RoT ima: rot: Make RoT kick in ima: Rename ima_cvm to ima_virtcca ima: rot: Adapt VirtCCA into Rot
security/integrity/ima/Makefile | 5 +- security/integrity/ima/ima.h | 5 +- security/integrity/ima/ima_api.c | 2 +- security/integrity/ima/ima_crypto.c | 48 +++++------- security/integrity/ima/ima_cvm.c | 77 ------------------ security/integrity/ima/ima_cvm.h | 36 --------- security/integrity/ima/ima_init.c | 31 ++------ security/integrity/ima/ima_queue.c | 51 ++++-------- security/integrity/ima/ima_rot.c | 86 ++++++++++++++++++++ security/integrity/ima/ima_rot.h | 28 +++++++ security/integrity/ima/ima_template.c | 2 +- security/integrity/ima/ima_template_lib.c | 2 +- security/integrity/ima/ima_tpm.c | 63 +++++++++++++++ security/integrity/ima/ima_tpm.h | 21 +++++ security/integrity/ima/ima_virtcca.c | 95 +++++++++++++++++++++++ security/integrity/ima/ima_virtcca.h | 13 ++++ 16 files changed, 355 insertions(+), 210 deletions(-) delete mode 100644 security/integrity/ima/ima_cvm.c delete mode 100644 security/integrity/ima/ima_cvm.h create mode 100644 security/integrity/ima/ima_rot.c create mode 100644 security/integrity/ima/ima_rot.h create mode 100644 security/integrity/ima/ima_tpm.c create mode 100644 security/integrity/ima/ima_tpm.h create mode 100644 security/integrity/ima/ima_virtcca.c create mode 100644 security/integrity/ima/ima_virtcca.h