This series of patches modifies the logging of events so that only active PCR banks are logged. An active PCR bank is recognized by the pcrSelect[0] being != 0.
The vendorInfoSize was assumed to be u32 but it is u8.
Prepare tcgbios for SHA3 hash algorithms that TPM2s may support at some point in the future.
Stefan
Stefan Berger (3): tcgbios: Only write logs for PCRs that are in active PCR banks tcgbios: Fix the vendorInfoSize to be of type u8 tcgbios: Add support for SHA3 type of algorithms
src/std/tcg.h | 9 +++++++++ src/tcgbios.c | 56 +++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 52 insertions(+), 13 deletions(-)
Only write the logs for those PCRs that are in active PCR banks. A PCR bank is assumed to be active if any of the BIOS-relevant PCRs 0 - 7 is enabled, i.e. pcrSelect[0] != 0.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com --- src/tcgbios.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 95c1e94..997da87 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
 struct tpms_pcr_selection *sel = tpm20_pcr_selection->selections;
 void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
- u32 count;
+ u32 count, numAlgs = 0;
 for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
 u8 sizeOfSelect = sel->sizeOfSelect;
@@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void)
 if (nsel > end)
 break;
+ if (sel->pcrSelect[0] == 0) {
+ sel = nsel;
+ continue;
+ }
+
 int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
 if (hsize < 0) {
 dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
 return -1;
 }
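Review bot: The added `sel->pcrSelect[0] == 0` test reads the first select byte without checking that `sizeOfSelect` is non-zero. The selection list comes from the TPM and the only bound visible in this hunk is `if (nsel > end) break;`; nsel is computed outside the hunk, but if it is sel plus the header plus sizeOfSelect, a zero-length selection makes `pcrSelect[0]` alias the first byte of the next entry, or one byte past the buffer when it is the last entry. Treating an empty selection as inactive closes that: `if (sizeOfSelect == 0 || sel->pcrSelect[0] == 0) {`. The same test is added to tpm20_build_digest in the `@@ -344,6 +350,12 @@` hunk and needs the same guard; that copy carries the comment `/* PCR 0-7 unused? -- skip */`, which this one should have as well.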
- event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg);
- event.hdr.digestSizes[count].digestSize = hsize;
+ event.hdr.digestSizes[numAlgs].algorithmId = be16_to_cpu(sel->hashAlg);
+ event.hdr.digestSizes[numAlgs].digestSize = hsize;
+ numAlgs++;
 sel = nsel;
 }
@@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
 return -1;
 }
- event.hdr.numberOfAlgorithms = count;
+ event.hdr.numberOfAlgorithms = numAlgs;
 int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
- , digestSizes[count]);
+ , digestSizes[numAlgs]);
 u32 *vendorInfoSize = (void*)&event + event_size;
 *vendorInfoSize = 0;
 event_size += sizeof(*vendorInfoSize);
@@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
 void *dest = le->hdr.digest + sizeof(struct tpm2_digest_values);
- u32 count;
+ u32 count, numAlgs = 0;
 for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
 u8 sizeOfSelect = sel->sizeOfSelect;
@@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 if (nsel > end)
 break;
+ /* PCR 0-7 unused? -- skip */
+ if (sel->pcrSelect[0] == 0) {
+ sel = nsel;
+ continue;
+ }
+
 int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
 if (hsize < 0) {
 dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 dest += sizeof(*v) + hsize;
 sel = nsel;
+
+ numAlgs++;
 }
 if (sel != end) {
@@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 struct tpm2_digest_values *v = (void*)le->hdr.digest;
 if (bigEndian)
- v->count = cpu_to_be32(count);
+ v->count = cpu_to_be32(numAlgs);
 else
- v->count = count;
+ v->count = numAlgs;
 return dest - (void*)le->hdr.digest;
 }
On Sat, Mar 28, 2020 at 5:02 AM Stefan Berger stefanb@linux.vnet.ibm.com wrote:
Only write the logs for those PCRs that are in active PCR banks. A PCR banks is assumed to be active if any of the BIOS relevant PCRs 0 - 7 is enabled, thus pcrSelect[0] != 0.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
Reviewed-by: Marc-André Lureau marcandre.lureau@redhat.com
src/tcgbios.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 95c1e94..997da87 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void) struct tpms_pcr_selection *sel = tpm20_pcr_selection->selections; void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
- u32 count;
- u32 count, numAlgs = 0; for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) { u8 sizeOfSelect = sel->sizeOfSelect;
@@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void) if (nsel > end) break;
if (sel->pcrSelect[0] == 0) {
sel = nsel;
continue;
}
int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg)); if (hsize < 0) { dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void) return -1; }
event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg);
event.hdr.digestSizes[count].digestSize = hsize;
event.hdr.digestSizes[numAlgs].algorithmId = be16_to_cpu(sel->hashAlg);
event.hdr.digestSizes[numAlgs].digestSize = hsize;
numAlgs++; sel = nsel;
}
@@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void) return -1; }
- event.hdr.numberOfAlgorithms = count;
- event.hdr.numberOfAlgorithms = numAlgs; int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
, digestSizes[count]);
u32 *vendorInfoSize = (void*)&event + event_size; *vendorInfoSize = 0; event_size += sizeof(*vendorInfoSize);, digestSizes[numAlgs]);
@@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size; void *dest = le->hdr.digest + sizeof(struct tpm2_digest_values);
- u32 count;
- u32 count, numAlgs = 0; for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) { u8 sizeOfSelect = sel->sizeOfSelect;
@@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian) if (nsel > end) break;
/* PCR 0-7 unused? -- skip */
if (sel->pcrSelect[0] == 0) {
sel = nsel;
continue;
}
int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg)); if (hsize < 0) { dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
dest += sizeof(*v) + hsize; sel = nsel;
numAlgs++;
}
if (sel != end) {
@@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
struct tpm2_digest_values *v = (void*)le->hdr.digest; if (bigEndian)
v->count = cpu_to_be32(count);
elsev->count = cpu_to_be32(numAlgs);
v->count = count;
v->count = numAlgs;
return dest - (void*)le->hdr.digest;
}
The vendorInfoSize is a u8 rather than a u32.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com --- src/tcgbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 997da87..99005b9 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -287,7 +287,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
 int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
 , digestSizes[count+1]);
- if (event_size > sizeof(event) - sizeof(u32)) {
+ if (event_size > sizeof(event) - sizeof(u8)) {
 dprintf(DEBUG_tcg, "EfiSpecIdEventStruct pad too small\n");
 return -1;
 }
@@ -307,7 +307,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
 event.hdr.numberOfAlgorithms = numAlgs;
 int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
 , digestSizes[numAlgs]);
- u32 *vendorInfoSize = (void*)&event + event_size;
+ u8 *vendorInfoSize = (void*)&event + event_size;
 *vendorInfoSize = 0;
 event_size += sizeof(*vendorInfoSize);
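Review bot: The pad guard in the first hunk still sizes the event with `digestSizes[count+1]`, while the second hunk's context takes the final size from `digestSizes[numAlgs]`, the number of entries actually stored once the previous patch skips inactive banks. As count is incremented on every loop pass and numAlgs only for logged banks, the check stays on the safe side, but it can report "pad too small" for a list that would fit, and two different indices make the bound harder to audit. Using the stored-entry count keeps the guard and the write in step: `, digestSizes[numAlgs+1]);`. Both hunks cut into tpm20_write_EfiSpecIdEventStruct, whose body continues outside them.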
On Sat, Mar 28, 2020 at 5:30 AM Stefan Berger stefanb@linux.vnet.ibm.com wrote:
The vendorInfoSize is a u8 rather than a u32.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
Reviewed-by: Marc-André Lureau marcandre.lureau@redhat.com
src/tcgbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c index 997da87..99005b9 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -287,7 +287,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
int event_size = offsetof(struct TCG_EfiSpecIdEventStruct , digestSizes[count+1]);
if (event_size > sizeof(event) - sizeof(u32)) {
if (event_size > sizeof(event) - sizeof(u8)) { dprintf(DEBUG_tcg, "EfiSpecIdEventStruct pad too small\n"); return -1; }
@@ -307,7 +307,7 @@ tpm20_write_EfiSpecIdEventStruct(void) event.hdr.numberOfAlgorithms = numAlgs; int event_size = offsetof(struct TCG_EfiSpecIdEventStruct , digestSizes[numAlgs]);
- u32 *vendorInfoSize = (void*)&event + event_size;
- u8 *vendorInfoSize = (void*)&event + event_size; *vendorInfoSize = 0; event_size += sizeof(*vendorInfoSize);
Add support for SHA3 type of algorithms that a TPM2 may support some time in the future.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com --- src/std/tcg.h | 9 +++++++++ src/tcgbios.c | 22 +++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index 1c9eeb4..98cca49 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -8,6 +8,9 @@
 #define SHA384_BUFSIZE 48
 #define SHA512_BUFSIZE 64
 #define SM3_256_BUFSIZE 32
+#define SHA3_256_BUFSIZE 32
+#define SHA3_384_BUFSIZE 48
+#define SHA3_512_BUFSIZE 64
 /****************************************************************
@@ -335,12 +338,18 @@ struct tpm_res_sha1complete {
 #define TPM2_ALG_SHA384 0x000c
 #define TPM2_ALG_SHA512 0x000d
 #define TPM2_ALG_SM3_256 0x0012
+#define TPM2_ALG_SHA3_256 0x0027
+#define TPM2_ALG_SHA3_384 0x0028
+#define TPM2_ALG_SHA3_512 0x0029
 #define TPM2_ALG_SHA1_FLAG (1 << 0)
 #define TPM2_ALG_SHA256_FLAG (1 << 1)
 #define TPM2_ALG_SHA384_FLAG (1 << 2)
 #define TPM2_ALG_SHA512_FLAG (1 << 3)
 #define TPM2_ALG_SM3_256_FLAG (1 << 4)
+#define TPM2_ALG_SHA3_256_FLAG (1 << 5)
+#define TPM2_ALG_SHA3_384_FLAG (1 << 6)
+#define TPM2_ALG_SHA3_512_FLAG (1 << 7)
 /* TPM 2 command tags */
 #define TPM2_ST_NO_SESSIONS 0x8001
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 99005b9..25ae0c8 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -156,9 +156,10 @@ static struct tpml_pcr_selection *tpm20_pcr_selection;
 struct tpm_log_entry {
 struct tpm_log_header hdr;
 u8 pad[sizeof(struct tpm2_digest_values)
- + 5 * sizeof(struct tpm2_digest_value)
+ + 8 * sizeof(struct tpm2_digest_value)
 + SHA1_BUFSIZE + SHA256_BUFSIZE + SHA384_BUFSIZE
- + SHA512_BUFSIZE + SM3_256_BUFSIZE];
+ + SHA512_BUFSIZE + SM3_256_BUFSIZE + SHA3_256_BUFSIZE
+ + SHA3_384_BUFSIZE + SHA3_512_BUFSIZE];
 } PACKED;
 static const struct hash_parameters {
@@ -192,6 +193,21 @@ static const struct hash_parameters {
 .hashalg_flag = TPM2_ALG_SM3_256_FLAG,
 .hash_buffersize = SM3_256_BUFSIZE,
 .name = "SM3-256",
+ }, {
+ .hashalg = TPM2_ALG_SHA3_256,
+ .hashalg_flag = TPM2_ALG_SHA3_256_FLAG,
+ .hash_buffersize = SHA3_256_BUFSIZE,
+ .name = "SHA3-256",
+ }, {
+ .hashalg = TPM2_ALG_SHA3_384,
+ .hashalg_flag = TPM2_ALG_SHA3_384_FLAG,
+ .hash_buffersize = SHA3_384_BUFSIZE,
+ .name = "SHA3-384",
+ }, {
+ .hashalg = TPM2_ALG_SHA3_512,
+ .hashalg_flag = TPM2_ALG_SHA3_512_FLAG,
+ .hash_buffersize = SHA3_512_BUFSIZE,
+ .name = "SHA3-512",
 }
 };
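Review bot: The pad size of struct tpm_log_entry is kept in step with the hash_parameters table by hand: the multiplier goes from 5 to `8` and three `SHA3_*_BUFSIZE` terms are appended in the `@@ -156,9 +156,10 @@` hunk, while the table gains its three entries separately in the `@@ -192,6 +193,21 @@` hunk. Nothing visible in either hunk ties the two together, so a later algorithm added only to the table would leave the log entry buffer short for the digest list that tpm20_build_digest writes into it; whether that function bounds its writes cannot be seen from here. I would add a comment above the pad, `/* one tpm2_digest_value + digest buffer per hash_parameters[] entry; update both together */`, and consider a build-time check that the entry count matches the multiplier.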
@@ -252,7 +268,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
 struct {
 struct TCG_EfiSpecIdEventStruct hdr;
- u8 pad[256];
+ u8 pad[sizeof(struct tpm_log_entry)];
 } event = {
 .hdr.signature = "Spec ID Event03",
 .hdr.platformClass = TPM_TCPA_ACPI_CLASS_CLIENT,
On Sat, Mar 28, 2020 at 5:26 AM Stefan Berger stefanb@linux.vnet.ibm.com wrote:
Add support for SHA3 type of algorithms that a TPM2 may support some time in the future.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
Those were assigned in "TCG Algorithm Registry" 1.27, 09.26.2017 https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
Reviewed-by: Marc-André Lureau marcandre.lureau@redhat.com
src/std/tcg.h | 9 +++++++++ src/tcgbios.c | 22 +++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 1c9eeb4..98cca49 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -8,6 +8,9 @@ #define SHA384_BUFSIZE 48 #define SHA512_BUFSIZE 64 #define SM3_256_BUFSIZE 32 +#define SHA3_256_BUFSIZE 32 +#define SHA3_384_BUFSIZE 48 +#define SHA3_512_BUFSIZE 64
/**************************************************************** @@ -335,12 +338,18 @@ struct tpm_res_sha1complete { #define TPM2_ALG_SHA384 0x000c #define TPM2_ALG_SHA512 0x000d #define TPM2_ALG_SM3_256 0x0012 +#define TPM2_ALG_SHA3_256 0x0027 +#define TPM2_ALG_SHA3_384 0x0028 +#define TPM2_ALG_SHA3_512 0x0029
#define TPM2_ALG_SHA1_FLAG (1 << 0) #define TPM2_ALG_SHA256_FLAG (1 << 1) #define TPM2_ALG_SHA384_FLAG (1 << 2) #define TPM2_ALG_SHA512_FLAG (1 << 3) #define TPM2_ALG_SM3_256_FLAG (1 << 4) +#define TPM2_ALG_SHA3_256_FLAG (1 << 5) +#define TPM2_ALG_SHA3_384_FLAG (1 << 6) +#define TPM2_ALG_SHA3_512_FLAG (1 << 7)
/* TPM 2 command tags */ #define TPM2_ST_NO_SESSIONS 0x8001 diff --git a/src/tcgbios.c b/src/tcgbios.c index 99005b9..25ae0c8 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -156,9 +156,10 @@ static struct tpml_pcr_selection *tpm20_pcr_selection; struct tpm_log_entry { struct tpm_log_header hdr; u8 pad[sizeof(struct tpm2_digest_values)
+ 5 * sizeof(struct tpm2_digest_value)
+ 8 * sizeof(struct tpm2_digest_value) + SHA1_BUFSIZE + SHA256_BUFSIZE + SHA384_BUFSIZE
+ SHA512_BUFSIZE + SM3_256_BUFSIZE];
+ SHA512_BUFSIZE + SM3_256_BUFSIZE + SHA3_256_BUFSIZE
+ SHA3_384_BUFSIZE + SHA3_512_BUFSIZE];
} PACKED;
static const struct hash_parameters { @@ -192,6 +193,21 @@ static const struct hash_parameters { .hashalg_flag = TPM2_ALG_SM3_256_FLAG, .hash_buffersize = SM3_256_BUFSIZE, .name = "SM3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_256,
.hashalg_flag = TPM2_ALG_SHA3_256_FLAG,
.hash_buffersize = SHA3_256_BUFSIZE,
.name = "SHA3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_384,
.hashalg_flag = TPM2_ALG_SHA3_384_FLAG,
.hash_buffersize = SHA3_384_BUFSIZE,
.name = "SHA3-384",
- }, {
.hashalg = TPM2_ALG_SHA3_512,
.hashalg_flag = TPM2_ALG_SHA3_512_FLAG,
.hash_buffersize = SHA3_512_BUFSIZE,
}.name = "SHA3-512",
};
@@ -252,7 +268,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
struct { struct TCG_EfiSpecIdEventStruct hdr;
u8 pad[256];
} event = { .hdr.signature = "Spec ID Event03", .hdr.platformClass = TPM_TCPA_ACPI_CLASS_CLIENT,u8 pad[sizeof(struct tpm_log_entry)];
On 3/27/20 11:27 PM, Stefan Berger wrote:
Add support for SHA3 type of algorithms that a TPM2 may support some time in the future.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
src/std/tcg.h | 9 +++++++++ src/tcgbios.c | 22 +++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 1c9eeb4..98cca49 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -8,6 +8,9 @@ #define SHA384_BUFSIZE 48 #define SHA512_BUFSIZE 64 #define SM3_256_BUFSIZE 32 +#define SHA3_256_BUFSIZE 32 +#define SHA3_384_BUFSIZE 48 +#define SHA3_512_BUFSIZE 64
/**************************************************************** @@ -335,12 +338,18 @@ struct tpm_res_sha1complete { #define TPM2_ALG_SHA384 0x000c #define TPM2_ALG_SHA512 0x000d #define TPM2_ALG_SM3_256 0x0012 +#define TPM2_ALG_SHA3_256 0x0027 +#define TPM2_ALG_SHA3_384 0x0028 +#define TPM2_ALG_SHA3_512 0x0029
#define TPM2_ALG_SHA1_FLAG (1 << 0) #define TPM2_ALG_SHA256_FLAG (1 << 1) #define TPM2_ALG_SHA384_FLAG (1 << 2) #define TPM2_ALG_SHA512_FLAG (1 << 3) #define TPM2_ALG_SM3_256_FLAG (1 << 4) +#define TPM2_ALG_SHA3_256_FLAG (1 << 5) +#define TPM2_ALG_SHA3_384_FLAG (1 << 6) +#define TPM2_ALG_SHA3_512_FLAG (1 << 7)
/* TPM 2 command tags */ #define TPM2_ST_NO_SESSIONS 0x8001 diff --git a/src/tcgbios.c b/src/tcgbios.c index 99005b9..25ae0c8 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -156,9 +156,10 @@ static struct tpml_pcr_selection *tpm20_pcr_selection; struct tpm_log_entry { struct tpm_log_header hdr; u8 pad[sizeof(struct tpm2_digest_values)
+ 5 * sizeof(struct tpm2_digest_value)
+ 8 * sizeof(struct tpm2_digest_value) + SHA1_BUFSIZE + SHA256_BUFSIZE + SHA384_BUFSIZE
+ SHA512_BUFSIZE + SM3_256_BUFSIZE];
+ SHA512_BUFSIZE + SM3_256_BUFSIZE + SHA3_256_BUFSIZE
+ SHA3_384_BUFSIZE + SHA3_512_BUFSIZE];
} PACKED;
static const struct hash_parameters {
@@ -192,6 +193,21 @@ static const struct hash_parameters { .hashalg_flag = TPM2_ALG_SM3_256_FLAG, .hash_buffersize = SM3_256_BUFSIZE, .name = "SM3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_256,
.hashalg_flag = TPM2_ALG_SHA3_256_FLAG,
.hash_buffersize = SHA3_256_BUFSIZE,
.name = "SHA3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_384,
.hashalg_flag = TPM2_ALG_SHA3_384_FLAG,
.hash_buffersize = SHA3_384_BUFSIZE,
.name = "SHA3-384",
- }, {
.hashalg = TPM2_ALG_SHA3_512,
.hashalg_flag = TPM2_ALG_SHA3_512_FLAG,
.hash_buffersize = SHA3_512_BUFSIZE,
};.name = "SHA3-512", }
@@ -252,7 +268,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
struct { struct TCG_EfiSpecIdEventStruct hdr;
u8 pad[256];
u8 pad[sizeof(struct tpm_log_entry)];
This is missing a '+ sizeof(u8)' for the vendorInfoSize field. I'll post v2 tomorrow. Also, I posted a similar series of patches on SLOF mailing list as well.
Stefan
} event = { .hdr.signature = "Spec ID Event03", .hdr.platformClass = TPM_TCPA_ACPI_CLASS_CLIENT,
On Sun, Mar 29, 2020 at 07:21:41PM -0400, Stefan Berger wrote:
On 3/27/20 11:27 PM, Stefan Berger wrote:
Add support for SHA3 type of algorithms that a TPM2 may support some time in the future.
Signed-off-by: Stefan Berger stefanb@linux.ibm.com
src/std/tcg.h | 9 +++++++++ src/tcgbios.c | 22 +++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h index 1c9eeb4..98cca49 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -8,6 +8,9 @@ #define SHA384_BUFSIZE 48 #define SHA512_BUFSIZE 64 #define SM3_256_BUFSIZE 32 +#define SHA3_256_BUFSIZE 32 +#define SHA3_384_BUFSIZE 48 +#define SHA3_512_BUFSIZE 64 /**************************************************************** @@ -335,12 +338,18 @@ struct tpm_res_sha1complete { #define TPM2_ALG_SHA384 0x000c #define TPM2_ALG_SHA512 0x000d #define TPM2_ALG_SM3_256 0x0012 +#define TPM2_ALG_SHA3_256 0x0027 +#define TPM2_ALG_SHA3_384 0x0028 +#define TPM2_ALG_SHA3_512 0x0029 #define TPM2_ALG_SHA1_FLAG (1 << 0) #define TPM2_ALG_SHA256_FLAG (1 << 1) #define TPM2_ALG_SHA384_FLAG (1 << 2) #define TPM2_ALG_SHA512_FLAG (1 << 3) #define TPM2_ALG_SM3_256_FLAG (1 << 4) +#define TPM2_ALG_SHA3_256_FLAG (1 << 5) +#define TPM2_ALG_SHA3_384_FLAG (1 << 6) +#define TPM2_ALG_SHA3_512_FLAG (1 << 7) /* TPM 2 command tags */ #define TPM2_ST_NO_SESSIONS 0x8001 diff --git a/src/tcgbios.c b/src/tcgbios.c index 99005b9..25ae0c8 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -156,9 +156,10 @@ static struct tpml_pcr_selection *tpm20_pcr_selection; struct tpm_log_entry { struct tpm_log_header hdr; u8 pad[sizeof(struct tpm2_digest_values)
+ 5 * sizeof(struct tpm2_digest_value)
+ 8 * sizeof(struct tpm2_digest_value) + SHA1_BUFSIZE + SHA256_BUFSIZE + SHA384_BUFSIZE
+ SHA512_BUFSIZE + SM3_256_BUFSIZE];
+ SHA512_BUFSIZE + SM3_256_BUFSIZE + SHA3_256_BUFSIZE
} PACKED; static const struct hash_parameters {+ SHA3_384_BUFSIZE + SHA3_512_BUFSIZE];
@@ -192,6 +193,21 @@ static const struct hash_parameters { .hashalg_flag = TPM2_ALG_SM3_256_FLAG, .hash_buffersize = SM3_256_BUFSIZE, .name = "SM3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_256,
.hashalg_flag = TPM2_ALG_SHA3_256_FLAG,
.hash_buffersize = SHA3_256_BUFSIZE,
.name = "SHA3-256",
- }, {
.hashalg = TPM2_ALG_SHA3_384,
.hashalg_flag = TPM2_ALG_SHA3_384_FLAG,
.hash_buffersize = SHA3_384_BUFSIZE,
.name = "SHA3-384",
- }, {
.hashalg = TPM2_ALG_SHA3_512,
.hashalg_flag = TPM2_ALG_SHA3_512_FLAG,
.hash_buffersize = SHA3_512_BUFSIZE,
};.name = "SHA3-512", }
@@ -252,7 +268,7 @@ tpm20_write_EfiSpecIdEventStruct(void) struct { struct TCG_EfiSpecIdEventStruct hdr;
u8 pad[256];
u8 pad[sizeof(struct tpm_log_entry)];
This is missing a '+ sizeof(u8)' for the vendorInfoSize field. I'll post v2 tomorrow. Also, I posted a similar series of patches on SLOF mailing list as well.
Okay, thanks. FYI, the patch series looks fine to me.
-Kevin