<p>Philipp Deppenwiese <strong>merged</strong> this change.</p><p><a href="https://review.coreboot.org/27757">View Change</a></p><div style="white-space:pre-wrap">Approvals:
build bot (Jenkins): Verified
Philipp Deppenwiese: Looks good to me, approved
Justin TerAvest: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm/tspi: Set return type of tcpa_log_add_table_entry as void<br><br>Change f849972 (security/vboot: Enable TCPA log extension) enabled<br>support for adding TCPA log to CBMEM. However, if CBMEM is not online,<br>this function doesn't do anything and returns early. This condition is<br>not really a valid error condition as it depends on when the call to<br>tcpa_log_add_table_entry is made. Since tcpa_log_add_table_entry<br>returns -1 when cbmem is not online, tpm_extend_pcr prints an error<br>message with prefix "ERROR:". This can confuse any scripts trying to<br>catch errors in boot flow.<br><br>This CL makes the following changes:<br>1. Removes the print in tpm_extend_pcr since tcpa_log_add_table_entry<br>already prints out appropriate ERROR messages in case of failure to<br>add log entry.<br>2. Since the return value of tcpa_log_add_table_entry is not used<br>anymore, return type for tcpa_log_add_table_entry is changed to void.<br><br>BUG=b:112030232<br><br>Change-Id: I32d313609a3e57845e67059b3747b81b5c8adb2a<br>Signed-off-by: Furquan Shaikh <furquan@google.com><br>Reviewed-on: https://review.coreboot.org/27757<br>Tested-by: build bot (Jenkins) <no-reply@coreboot.org><br>Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com><br>Reviewed-by: Justin TerAvest <teravest@chromium.org><br>---<br>M src/security/tpm/tspi.h<br>M src/security/tpm/tspi/log.c<br>M src/security/tpm/tspi/tspi.c<br>3 files changed, 10 insertions(+), 13 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h</span><br><span>index 43254c1..94b53b0 100644</span><br><span>--- a/src/security/tpm/tspi.h</span><br><span>+++ b/src/security/tpm/tspi.h</span><br><span>@@ -28,8 +28,9 @@</span><br><span> /**</span><br><span> * Add table entry for cbmem TCPA log.</span><br><span> */</span><br><span style="color: hsl(0, 100%, 40%);">-int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,</span><br><span style="color: hsl(0, 100%, 40%);">- const uint8_t *digest, const size_t digest_length);</span><br><span style="color: hsl(120, 100%, 40%);">+void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *digest,</span><br><span style="color: hsl(120, 100%, 40%);">+ const size_t digest_length);</span><br><span> </span><br><span> /**</span><br><span> * Ask vboot for a digest and extend a TPM PCR with it.</span><br><span>diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c</span><br><span>index 6091dfe..8ec4c6d 100644</span><br><span>--- a/src/security/tpm/tspi/log.c</span><br><span>+++ b/src/security/tpm/tspi/log.c</span><br><span>@@ -44,24 +44,24 @@</span><br><span> printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-int tcpa_log_add_table_entry(const char *name, const uint32_t pcr,</span><br><span style="color: hsl(0, 100%, 40%);">- const uint8_t *digest, const size_t digest_length)</span><br><span style="color: hsl(120, 100%, 40%);">+void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *digest, const size_t digest_length)</span><br><span> {</span><br><span> MAYBE_STATIC struct tcpa_table *tclt = NULL;</span><br><span> struct tcpa_entry *tce;</span><br><span> </span><br><span> if (!cbmem_possibly_online())</span><br><span style="color: hsl(0, 100%, 40%);">- return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span> </span><br><span> tclt = cbmem_find(CBMEM_ID_TCPA_LOG);</span><br><span> if (!tclt) {</span><br><span> printk(BIOS_ERR, "ERROR: No TCPA log table found\n");</span><br><span style="color: hsl(0, 100%, 40%);">- return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span> }</span><br><span> </span><br><span> if (tclt->num_entries == tclt->max_entries) {</span><br><span> printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");</span><br><span style="color: hsl(0, 100%, 40%);">- return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span> }</span><br><span> </span><br><span> tce = &tclt->entries[tclt->num_entries++];</span><br><span>@@ -70,6 +70,4 @@</span><br><span> tce->pcr = pcr;</span><br><span> memcpy(tce->digest, digest, digest_length);</span><br><span> tce->digest_length = digest_length;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- return 0;</span><br><span> }</span><br><span>diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c</span><br><span>index 48b6219..950e930 100644</span><br><span>--- a/src/security/tpm/tspi/tspi.c</span><br><span>+++ b/src/security/tpm/tspi/tspi.c</span><br><span>@@ -190,9 +190,7 @@</span><br><span> if (result != TPM_SUCCESS)</span><br><span> return result;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- result = tcpa_log_add_table_entry(name, pcr, digest, digest_len);</span><br><span style="color: hsl(0, 100%, 40%);">- if (result != 0)</span><br><span style="color: hsl(0, 100%, 40%);">- printk(BIOS_ERR, "ERROR: Couldn't create TCPA log entry\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ tcpa_log_add_table_entry(name, pcr, digest, digest_len);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/27757">change 27757</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/27757"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I32d313609a3e57845e67059b3747b81b5c8adb2a </div>
<div style="display:none"> Gerrit-Change-Number: 27757 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Furquan Shaikh <furquan@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Furquan Shaikh <furquan@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Justin TerAvest <teravest@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> </div>