[SeaBIOS] [PATCH v3 4/7] tpm: Extend tpm20_extend to support extending to multiple PCR banks

[Stefan Berger]

On 08/09/2016 01:36 PM, Kevin O'Connor wrote:
> On Fri, Aug 05, 2016 at 11:07:11AM -0400, Stefan Berger wrote:
>> Extend the tpm20_extend function to support extending a hash to
>> multiple PCR banks. The sha1 hash that's being extended into the
>> sha256 bank for example, will be filled with zero-bytes to the
>> size of a sha256 hash.
> [...]
>> @@ -573,7 +700,16 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
>>           }
>>       };
>>       sha1(hashdata, hashdata_length, entry.digest.sha1);
>> -    int ret = tpm_extend(entry.pcrindex, entry.digest.sha1);
>> +
>> +    u8 buffer[MAX_TPML_DIGEST_VALUES_SIZE];
>> +
>> +    int tdv_len = tpm_write_tpml_digest_values(buffer, sizeof(buffer),
>> +        entry.digest.sha1, TPM2_ALG_SHA1);
>> +    if (tdv_len < 0)
>> +        return;
>> +
>> +    struct tpml_digest_values *tdv = (struct tpml_digest_values *)buffer;
>> +    int ret = tpm_extend(pcrindex, tdv, tdv_len);
>>       if (ret) {
>>           tpm_set_failure();
>>           return;
> If the code introduced a new struct with the maximum sized log entry
> instead of declaring buffers of size MAX_TPML_DIGEST_VALUES_SIZE I
> think the code would be a little simpler.  That new struct could then
> be used for both tpm_extend() and tpm_log_event() making patches 5-7
> simpler.
>
> See https://github.com/KevinOConnor/seabios/tree/testing for what I
> was thinking.

So I tested this and your code works just as well.
These data structures are a bit tricky and it takes a while to see how 
for example the tpm_log_header is used for TPM 1.2 and TPM 2. I left a 
comment in the patch on github. Maybe you could leave a comment in the 
tpm_log_header datastructure stating that digest holds the SHA1 hash in 
TPM 1.2 case and a tpm2_digest_values struct in TPM 2 case. Otherwise I 
think you can merge this in.

Thanks,
    Stefan


>
> -Kevin
>