Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/27769
Change subject: security/tpm: TCPA log follow up ......................................................................
security/tpm: TCPA log follow up
* Make tcpa_log_init static and remove init call * Fix tcpa_log_add_table_entry
Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org --- M src/commonlib/include/commonlib/tcpa_log_serialized.h M src/drivers/tpm/tpm.c M src/security/tpm/tspi.h M src/security/tpm/tspi/log.c M src/security/vboot/secdata_tpm.c 5 files changed, 18 insertions(+), 25 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/27769/1
diff --git a/src/commonlib/include/commonlib/tcpa_log_serialized.h b/src/commonlib/include/commonlib/tcpa_log_serialized.h
index cd6fbec..6dfb566 100644
--- a/src/commonlib/include/commonlib/tcpa_log_serialized.h
+++ b/src/commonlib/include/commonlib/tcpa_log_serialized.h
@@ -29,7 +29,7 @@
 uint32_t pcr;
 uint8_t digest[TCPA_DIGEST_MAX_LENGTH];
 uint32_t digest_length;
- uint8_t name[TCPA_PCR_HASH_NAME];
+ char name[TCPA_PCR_HASH_NAME];
 } __packed;
struct tcpa_table {
diff --git a/src/drivers/tpm/tpm.c b/src/drivers/tpm/tpm.c
index 8c68159..e4a81c3 100644
--- a/src/drivers/tpm/tpm.c
+++ b/src/drivers/tpm/tpm.c
@@ -30,9 +30,6 @@
 #else
 tpm_setup(false);
 #endif
-
- // TCPA cbmem log
- tcpa_log_init();
 }
BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, init_tpm_dev, NULL);
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
index 94b53b0..e4ddefc 100644
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -21,11 +21,6 @@
 #include <commonlib/tcpa_log_serialized.h>
/**
- * Setup TCPA cbmem log.
- */
-void tcpa_log_init(void);
-
-/**
 * Add table entry for cbmem TCPA log.
 */
 void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
index 8ec4c6d..50a23d9 100644
--- a/src/security/tpm/tspi/log.c
+++ b/src/security/tpm/tspi/log.c
@@ -18,42 +18,41 @@
 #include <console/console.h>
 #include <security/tpm/tspi.h>
-void tcpa_log_init(void)
+static struct tcpa_table *tcpa_log_init(void)
 {
 const struct cbmem_entry *ce;
- struct tcpa_table *tclt;
+ static struct tcpa_table *tclt;
if (!cbmem_possibly_online())
- return;
+ return NULL;
ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
 if (ce)
- return;
+ return NULL;
tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
 sizeof(struct tcpa_table) +
- MAX_TCPA_LOG_ENTRIES *
- sizeof(struct tcpa_entry));
+ MAX_TCPA_LOG_ENTRIES *
+ sizeof(struct tcpa_entry));
if (!tclt)
- return;
+ return NULL;
tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
 tclt->num_entries = 0;
printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
+
+ return tclt;
 }
void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
 const uint8_t *digest, const size_t digest_length)
 {
- MAYBE_STATIC struct tcpa_table *tclt = NULL;
+ struct tcpa_table *tclt;
 struct tcpa_entry *tce;
- if (!cbmem_possibly_online())
- return;
-
- tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
+ tclt = tcpa_log_init();
 if (!tclt) {
 printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
 return;
@@ -66,8 +65,13 @@
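Review bot: In `tcpa_log_init()` the `if (ce) return NULL;` branch returns NULL once the CBMEM_ID_TCPA_LOG entry already exists, so `tcpa_log_add_table_entry()` takes its "No TCPA log table found" path on every call after the one that created the table, and those measurements never reach the log. Return the existing table instead, for example `tclt = cbmem_find(CBMEM_ID_TCPA_LOG);` followed by `if (tclt) return tclt;` ahead of the `cbmem_add()` call. The new `static struct tcpa_table *tclt;` is assigned but never read back as a cache, and the caller previously used `MAYBE_STATIC`, so it is worth confirming that a plain `static` is intended in every stage this file is built for. The body of `tcpa_log_add_table_entry()` continues past the end of this hunk.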
tce = &tclt->entries[tclt->num_entries++];
- memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+ strncpy(tce->name, name, TCPA_PCR_HASH_NAME);
 tce->pcr = pcr;
+
+ if (digest_length > TCPA_DIGEST_MAX_LENGTH) {
+ printk(BIOS_WARNING, "ERROR: PCR digest too long for TCPA log entry\n");
+ return;
+ }
 memcpy(tce->digest, digest, digest_length);
 tce->digest_length = digest_length;
 }
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index d3f4a11..c62f18b 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -451,9 +451,6 @@
 if (result == TPM_E_MUST_REBOOT)
 ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
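Review bot: The `digest_length > TCPA_DIGEST_MAX_LENGTH` check in the second log.c hunk runs after `tclt->num_entries++` has claimed the slot and after `name` and `pcr` are written, so the early return leaves a counted entry whose `digest` and `digest_length` were never set; a consumer of the log would read that slot as a real measurement. Move the `if (digest_length > TCPA_DIGEST_MAX_LENGTH)` block above `tce = &tclt->entries[tclt->num_entries++];` so an oversized digest is rejected before the table is touched. Separately, `strncpy()` leaves `tce->name` unterminated when `name` is `TCPA_PCR_HASH_NAME` bytes or longer, so add `tce->name[TCPA_PCR_HASH_NAME - 1] = '\0';` after it now that the field is a `char` string. The function starts in the previous hunk and the lines between the two hunks are not shown, so any bounds check on `num_entries` there could not be reviewed.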
- // TCPA cbmem log - tcpa_log_init(); - return result; }