The algorithm name sm3-256 referenced by IMA is implemented in crypto as sm3,
which causes IMA to not use sm3-256 algorithm. This patch solves this problem
by adding an alias name sm3-256 to sm3 algorithm, and let IMA hash algorithm
configuration list supports sm3.
sm3-256 has been supported by the ima hash algorithm, but it is not
yet in the Kconfig configuration list. After adding, both ima and tpm2
can support sm3-256 well.
Signed-off-by: Tianjia Zhang <[email protected]>
---
security/integrity/ima/Kconfig | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 838476d780e5..27b5df895808 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -112,6 +112,10 @@ choice
config IMA_DEFAULT_HASH_WP512
bool "WP512"
depends on CRYPTO_WP512=y && !IMA_TEMPLATE
+
+ config IMA_DEFAULT_HASH_SM3_256
+ bool "SM3_256"
+ depends on CRYPTO_SM3=y && !IMA_TEMPLATE
endchoice
config IMA_DEFAULT_HASH
@@ -121,6 +125,7 @@ config IMA_DEFAULT_HASH
default "sha256" if IMA_DEFAULT_HASH_SHA256
default "sha512" if IMA_DEFAULT_HASH_SHA512
default "wp512" if IMA_DEFAULT_HASH_WP512
+ default "sm3-256" if IMA_DEFAULT_HASH_SM3_256
config IMA_WRITE_POLICY
bool "Enable multiple writes to the IMA policy"
--
2.17.1