diff options
| author | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2020-03-30 07:55:55 -0400 |
|---|---|---|
| committer | Kevin O'Connor <kevin@koconnor.net> | 2020-04-19 11:35:33 -0400 |
| commit | 80fce2c2eba832145ff85d412345c52e68481198 (patch) | |
| tree | bba5c53bb933fbf11387ec8ac9247df1b5d94f85 /src/tcgbios.c | |
| parent | 6a3b59ab9c7dc00331c21346052dfa6a0df45aa3 (diff) | |
| download | seabios-80fce2c2eba832145ff85d412345c52e68481198.tar.gz | |
tcgbios: Only write logs for PCRs that are in active PCR banks
Only write the logs for those PCRs that are in active PCR banks.
A PCR banks is assumed to be active if any of the BIOS relevant
PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Diffstat (limited to 'src/tcgbios.c')
| -rw-r--r-- | src/tcgbios.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/src/tcgbios.c b/src/tcgbios.c index 95c1e943..cc3a51f2 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void) struct tpms_pcr_selection *sel = tpm20_pcr_selection->selections; void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size; - u32 count; + u32 count, numAlgs = 0; for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) { u8 sizeOfSelect = sel->sizeOfSelect; @@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void) if (nsel > end) break; + if (!sizeOfSelect || sel->pcrSelect[0] == 0) { + sel = nsel; + continue; + } + int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg)); if (hsize < 0) { dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n", @@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void) return -1; } - event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg); - event.hdr.digestSizes[count].digestSize = hsize; + event.hdr.digestSizes[numAlgs].algorithmId = be16_to_cpu(sel->hashAlg); + event.hdr.digestSizes[numAlgs].digestSize = hsize; + numAlgs++; sel = nsel; } @@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void) return -1; } - event.hdr.numberOfAlgorithms = count; + event.hdr.numberOfAlgorithms = numAlgs; int event_size = offsetof(struct TCG_EfiSpecIdEventStruct - , digestSizes[count]); + , digestSizes[numAlgs]); u32 *vendorInfoSize = (void*)&event + event_size; *vendorInfoSize = 0; event_size += sizeof(*vendorInfoSize); @@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size; void *dest = le->hdr.digest + sizeof(struct tpm2_digest_values); - u32 count; + u32 count, numAlgs = 0; for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) { u8 sizeOfSelect = sel->sizeOfSelect; @@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) if (nsel > end) break; + /* PCR 0-7 unused? -- skip */ + if (!sizeOfSelect || sel->pcrSelect[0] == 0) { + sel = nsel; + continue; + } + int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg)); if (hsize < 0) { dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n", @@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) dest += sizeof(*v) + hsize; sel = nsel; + + numAlgs++; } if (sel != end) { @@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) struct tpm2_digest_values *v = (void*)le->hdr.digest; if (bigEndian) - v->count = cpu_to_be32(count); + v->count = cpu_to_be32(numAlgs); else - v->count = count; + v->count = numAlgs; return dest - (void*)le->hdr.digest; } |