[SeaBIOS] [PATCH v3 0/7] tpm: Extend PCRs in all available PCR banks

Stefan Berger stefanb at linux.vnet.ibm.com
Fri Aug 5 17:07:07 CEST 2016


This series of patches extends the TPM2 code to extend the BIOS related
PCRs 0-7 in all available banks. This prevents that these PCRs remain
untouched and filled with bogus values by applications. For example, the
SHA1 hash is extended into the SHA256 bank. The value that is extended
into this bank is essentially a SHA1 with zero bytes used for filling it to
the size of a sha256 hash. This is done for all PCR banks of the TPM2
where these PCRs are available.

v2->v3:
 - Following Kevin's comments; would defer split-up of code in tcgbios.c
   to a later time

v1->v2:
 - extended the log functions for logging the additional hashes. This added
   more patches to this series

Regards,
   Stefan

Stefan Berger (7):
  tpm: Retrieve the PCR Bank configuration
  tpm: Restructure tpm20_extend to use buffer and take hash as parameter
  tpm: Refactor tpml_digest_values_sha1 structure
  tpm: Extend tpm20_extend to support extending to multiple PCR banks
  tpm: Move tpm_log_init to a later point
  tpm: Adjust the TPM2 log header to show all hashes
  tpm: Append to TPM2 log the hashes used for PCR extension

 src/std/tcg.h |  86 +++++++++++--
 src/tcgbios.c | 404 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 421 insertions(+), 69 deletions(-)

-- 
2.5.5




More information about the SeaBIOS mailing list