hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/IB4I9O
--------------------------------
VirtCCA is the name of the device that IMA works with, whereas CVM (Confidential Virtual Machine) is what IMA will achieve together with VirtCCA and other components. Naming these files and functions with ima_virtcca therefore makes more sense.
Co-developed-by: Lu Huaxin luhuaxin1@huawei.com Signed-off-by: Lu Huaxin luhuaxin1@huawei.com Signed-off-by: GONG Ruiqi gongruiqi1@huawei.com --- security/integrity/ima/Makefile | 2 +- security/integrity/ima/ima_cvm.h | 36 ------------------- security/integrity/ima/ima_init.c | 8 ++--- security/integrity/ima/ima_queue.c | 4 +-- .../ima/{ima_cvm.c => ima_virtcca.c} | 10 +++--- security/integrity/ima/ima_virtcca.h | 36 +++++++++++++++++++ 6 files changed, 48 insertions(+), 48 deletions(-) delete mode 100644 security/integrity/ima/ima_cvm.h rename security/integrity/ima/{ima_cvm.c => ima_virtcca.c} (87%) create mode 100644 security/integrity/ima/ima_virtcca.h
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index d9f2030d8b90..9f683951cb4c 100644
--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -21,4 +21,4 @@ ifeq ($(CONFIG_EFI),y)
 ima-$(CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT) += ima_efi.o
 endif
-ima-$(CONFIG_HISI_VIRTCCA_GUEST) += ima_cvm.o
+ima-$(CONFIG_HISI_VIRTCCA_GUEST) += ima_virtcca.o
diff --git a/security/integrity/ima/ima_cvm.h b/security/integrity/ima/ima_cvm.h
deleted file mode 100644
index 864243bd0844..000000000000
--- a/security/integrity/ima/ima_cvm.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-/*
- * Copyright (C) 2024. Huawei Technologies Co., Ltd. All rights reserved.
- */
-#ifndef __LINUX_IMA_CVM_H
-#define __LINUX_IMA_CVM_H
-
-#include "ima.h"
-
-#ifdef CONFIG_HISI_VIRTCCA_GUEST
-int __init ima_cvm_init(void);
-bool ima_cvm_available(void);
-int ima_cvm_extend(struct tpm_digest *digests_arg);
-int ima_calc_cvm_boot_aggregate(struct ima_digest_data *hash);
-#else
-static inline int __init ima_cvm_init(void)
-{
- return -ENODEV;
-}
-
-static inline bool ima_cvm_available(void)
-{
- return false;
-}
-
-static inline int ima_cvm_extend(struct tpm_digest *digests_arg)
-{
- return -ENODEV;
-}
-
-static inline int ima_calc_cvm_boot_aggregate(struct ima_digest_data *hash)
-{
- return -ENODEV;
-}
-#endif
-#endif
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index acf9074caf84..8889d42448da 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -19,7 +19,7 @@
 #include <generated/utsrelease.h>
#include "ima.h"
-#include "ima_cvm.h"
+#include "ima_virtcca.h"
/* name for boot aggregate entry */
 const char boot_aggregate_name[] = "boot_aggregate";
@@ -59,8 +59,8 @@ static int __init ima_add_boot_aggregate(void)
 iint->ima_hash->length = hash_digest_size[ima_hash_algo];
#ifdef CONFIG_HISI_VIRTCCA_GUEST
- if (ima_cvm_available()) {
- result = ima_calc_cvm_boot_aggregate(&hash.hdr);
+ if (ima_virtcca_available()) {
+ result = ima_calc_virtcca_boot_aggregate(&hash.hdr);
 if (result < 0) {
 audit_cause = "hashing_error";
 goto err_out;
@@ -133,7 +133,7 @@ int __init ima_init(void)
 int rc;
#ifdef CONFIG_HISI_VIRTCCA_GUEST
- rc = ima_cvm_init();
+ rc = ima_virtcca_init();
 if (rc) {
 pr_info("No CVM found, activating CVM-bypass!\n");
 ima_rot_inst = ima_rot_init();
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 6f2d62deb1f1..fba549d2d0d8 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -18,7 +18,7 @@
 #include <linux/rculist.h>
 #include <linux/slab.h>
 #include "ima.h"
-#include "ima_cvm.h"
+#include "ima_virtcca.h"
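Review bot: In ima_init() in security/integrity/ima/ima_init.c, the message printed when the renamed `ima_virtcca_init()` returns non-zero still reads "No CVM found", which goes against the distinction this commit draws between VirtCCA (the device) and CVM (the goal). The message is also emitted for every non-zero `rc` without reporting the value, so someone reading the boot log cannot tell an absent device from another initialisation failure before the code falls back to `ima_rot_init()`. Consider `pr_info("VirtCCA init failed (%d), activating CVM-bypass!\n", rc);`. The rest of ima_init() lies outside the hunk, so what the fallback does afterwards is not visible here.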
#define AUDIT_CAUSE_LEN_MAX 32
@@ -176,7 +176,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 digests_arg = digests;
#ifdef CONFIG_HISI_VIRTCCA_GUEST - rotresult = ima_cvm_extend(digests_arg); + rotresult = ima_virtcca_extend(digests_arg); if (rotresult != 0) { snprintf(rot_audit_cause, AUDIT_CAUSE_LEN_MAX, "TSI_error(%d)", rotresult); diff --git a/security/integrity/ima/ima_cvm.c b/security/integrity/ima/ima_virtcca.c similarity index 87% rename from security/integrity/ima/ima_cvm.c rename to security/integrity/ima/ima_virtcca.c index 0fe3c0da63b2..318c547b0d59 100644 --- a/security/integrity/ima/ima_cvm.c +++ b/security/integrity/ima/ima_virtcca.c @@ -4,16 +4,16 @@ */ #include <asm/virtcca_cvm_smc.h> #include <asm/virtcca_cvm_guest.h> -#include "ima_cvm.h" +#include "ima_virtcca.h"
static bool ima_tsi_cvm;
-bool ima_cvm_available(void)
+bool ima_virtcca_available(void)
 {
 return ima_tsi_cvm;
 }
-int __init ima_cvm_init(void)
+int __init ima_virtcca_init(void)
 {
 int rc = -ENODEV;
@@ -25,7 +25,7 @@ int __init ima_cvm_init(void)
 return rc;
 }
-int ima_calc_cvm_boot_aggregate(struct ima_digest_data *hash)
+int ima_calc_virtcca_boot_aggregate(struct ima_digest_data *hash)
 {
 unsigned long result;
 int hash_len;
@@ -56,7 +56,7 @@ int ima_calc_cvm_boot_aggregate(struct ima_digest_data *hash)
 return 0;
 }
-int ima_cvm_extend(struct tpm_digest *digests_arg)
+int ima_virtcca_extend(struct tpm_digest *digests_arg)
 {
 struct virtcca_cvm_measurement_extend cme;
diff --git a/security/integrity/ima/ima_virtcca.h b/security/integrity/ima/ima_virtcca.h
new file mode 100644
index 000000000000..8e00c9b6a996
--- /dev/null
+++ b/security/integrity/ima/ima_virtcca.h
@@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2024. Huawei Technologies Co., Ltd. All rights reserved.
+ */
+#ifndef __LINUX_IMA_VIRTCCA_H
+#define __LINUX_IMA_VIRTCCA_H
+
+#include "ima.h"
+
+#ifdef CONFIG_HISI_VIRTCCA_GUEST
+int __init ima_virtcca_init(void);
+bool ima_virtcca_available(void);
+int ima_virtcca_extend(struct tpm_digest *digests_arg);
+int ima_calc_virtcca_boot_aggregate(struct ima_digest_data *hash);
+#else
+static inline int __init ima_virtcca_init(void)
+{
+ return -ENODEV;
+}
+
+static inline bool ima_virtcca_available(void)
+{
+ return false;
+}
+
+static inline int ima_virtcca_extend(struct tpm_digest *digests_arg)
+{
+ return -ENODEV;
+}
+
+static inline int ima_calc_virtcca_boot_aggregate(struct ima_digest_data *hash)
+{
+ return -ENODEV;
+}
+#endif
+#endif