Werner Zeh has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35645 )
Change subject: vboot: Fix wrong algorithm in TCPA log for BOOT_MODE ......................................................................
vboot: Fix wrong algorithm in TCPA log for BOOT_MODE
The hash algorithm for VBOOTs BOOT_MODE is fixed to sha1 but TCPA log uses sha256 as the name for the algorithm. This leads to an log entry with 20 bytes (sha1) while the algorithm is set to sha256 (which needs 32 bytes of hash). Fix it by using the matching algorithm name for BOOT_MODE.
Change-Id: Ia25938ac5f6c29f60a4819023b99f7796849f574 Signed-off-by: Werner Zeh werner.zeh@siemens.com --- M src/security/vboot/tpm_common.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/45/35645/1
diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index 0a211c5..1db7189 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -46,7 +46,7 @@ switch (which_digest) { /* SHA1 of (devmode|recmode|keyblock) bits */ case BOOT_MODE_PCR: - return tpm_extend_pcr(pcr, VB2_HASH_SHA256, buffer, size, + return tpm_extend_pcr(pcr, VB2_HASH_SHA1, buffer, size, TPM_PCR_BOOT_MODE); /* SHA256 of HWID */ case HWID_DIGEST_PCR: