[SeaBIOS] [PATCH v3 4/7] tpm: Extend tpm20_extend to support extending to multiple PCR banks
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Aug 10 04:23:36 CEST 2016
On 08/09/2016 01:36 PM, Kevin O'Connor wrote:
> On Fri, Aug 05, 2016 at 11:07:11AM -0400, Stefan Berger wrote:
>> Extend the tpm20_extend function to support extending a hash to
>> multiple PCR banks. The sha1 hash that's being extended into the
>> sha256 bank for example, will be filled with zero-bytes to the
>> size of a sha256 hash.
> [...]
>> @@ -573,7 +700,16 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
>> }
>> };
>> sha1(hashdata, hashdata_length, entry.digest.sha1);
>> - int ret = tpm_extend(entry.pcrindex, entry.digest.sha1);
>> +
>> + u8 buffer[MAX_TPML_DIGEST_VALUES_SIZE];
>> +
>> + int tdv_len = tpm_write_tpml_digest_values(buffer, sizeof(buffer),
>> + entry.digest.sha1, TPM2_ALG_SHA1);
>> + if (tdv_len < 0)
>> + return;
>> +
>> + struct tpml_digest_values *tdv = (struct tpml_digest_values *)buffer;
>> + int ret = tpm_extend(pcrindex, tdv, tdv_len);
>> if (ret) {
>> tpm_set_failure();
>> return;
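Review bot: The `if (tdv_len < 0) return;` path leaves tpm_add_measurement_to_log() without calling tpm_set_failure(), while the tpm_extend() failure path directly below it does call tpm_set_failure() before returning. A marshalling failure therefore skips the extend silently. Consider calling tpm_set_failure() on that path too, or add a comment saying why a negative length can be ignored. Separately, the cast of `u8 buffer[]` to `struct tpml_digest_values *` assumes the byte array is laid out and aligned acceptably for that struct; a short comment at the cast would make the assumption explicit.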
> If the code introduced a new struct with the maximum sized log entry
> instead of declaring buffers of size MAX_TPML_DIGEST_VALUES_SIZE I
> think the code would be a little simpler. That new struct could then
> be used for both tpm_extend() and tpm_log_event() making patches 5-7
> simpler.
>
> See https://github.com/KevinOConnor/seabios/tree/testing for what I
> was thinking.
So I tested this and your code works just as well.
These data structures are a bit tricky and it takes a while to see how
for example the tpm_log_header is used for TPM 1.2 and TPM 2. I left a
comment in the patch on github. Maybe you could leave a comment in the
tpm_log_header data structure stating that digest holds the SHA1 hash in
the TPM 1.2 case and a tpm2_digest_values struct in the TPM 2 case. Otherwise I
think you can merge this in.
Thanks,
Stefan
>
> -Kevin
>
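The zero-padding described in the quoted commit message, as an added example that is not code from the patch or from SeaBIOS: it marshals a TPM 2.0 TPML_DIGEST_VALUES buffer (big-endian count, then hashAlg plus digest per bank) with the SHA-1 digest padded to each bank's size. The function name `write_digest_values`, the helper `bank_digest_size` and the caller-supplied bank list are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define TPM2_ALG_SHA1   0x0004   /* TCG algorithm registry IDs */
#define TPM2_ALG_SHA256 0x000b
#define SHA1_BUFSIZE    20
#define SHA256_BUFSIZE  32

/* Hypothetical helper: digest size of a PCR bank, 0 if not handled here. */
static size_t bank_digest_size(uint16_t alg)
{
    switch (alg) {
    case TPM2_ALG_SHA1:   return SHA1_BUFSIZE;
    case TPM2_ALG_SHA256: return SHA256_BUFSIZE;
    default:              return 0;
    }
}

/* Hypothetical marshaller: writes be32 count, then for every bank a be16
 * hashAlg followed by the SHA-1 digest zero-padded to the bank's digest
 * size. Returns the number of bytes written, or -1 if a bank is unknown
 * or dest is too small (nothing past destlen is ever written). */
int write_digest_values(uint8_t *dest, size_t destlen,
                        const uint16_t *banks, uint32_t nbanks,
                        const uint8_t sha1[SHA1_BUFSIZE])
{
    size_t off = 4;
    if (destlen < off)
        return -1;
    dest[0] = (uint8_t)(nbanks >> 24);
    dest[1] = (uint8_t)(nbanks >> 16);
    dest[2] = (uint8_t)(nbanks >> 8);
    dest[3] = (uint8_t)nbanks;

    for (uint32_t i = 0; i < nbanks; i++) {
        size_t hsize = bank_digest_size(banks[i]);
        if (hsize == 0 || destlen - off < 2 + hsize)
            return -1;
        dest[off++] = (uint8_t)(banks[i] >> 8);
        dest[off++] = (uint8_t)(banks[i] & 0xff);
        memset(dest + off, 0, hsize);             /* zero-fill the whole slot */
        memcpy(dest + off, sha1, SHA1_BUFSIZE);   /* SHA-1 occupies the front */
        off += hsize;
    }
    return (int)off;
}
```

A verifier replaying the event log has to apply the same padding when recomputing the SHA-256 bank, otherwise its expected PCR value will not match the TPM's.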