[SeaBIOS] [PATCH 2/3] tpm: Restructure tpm20_extend to use buffer and take hash as parameter

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Jul 19 19:41:55 CEST 2016


Restructure the tpm20_extend function to use a buffer for the
command to send to the TPM. The size of the buffer is calculated
from the size of tpm2_req_extend structure and the appended SHA1
hash.

Add the hash algorithm that's being used as a parameter to this
function.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 src/std/tcg.h |  2 +-
 src/tcgbios.c | 33 ++++++++++++++++++---------------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/std/tcg.h b/src/std/tcg.h
index d60ee09..1644684 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -442,7 +442,6 @@ struct tpm2_req_hierarchychangeauth {
 } PACKED;
 
 struct tpm2_digest_value {
-    u32 count; /* 1 entry only */
     u16 hashalg; /* TPM2_ALG_SHA1 */
     u8 sha1[SHA1_BUFSIZE];
 } PACKED;
@@ -452,6 +451,7 @@ struct tpm2_req_extend {
     u32 pcrindex;
     u32 authblocksize;
     struct tpm2_authblock authblock;
+    u32 count;
     struct tpm2_digest_value digest;
 } PACKED;
 
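Review bot: The new `count` member of `struct tpm2_req_extend` lost the `/* 1 entry only */` comment that the removed member carried, and nothing now says that it counts the `tpm2_digest_value` entries following it in the request. Suggest `u32 count; /* number of digest entries that follow; 1 for now */`. Because both structs are PACKED, the byte layout of the request appears unchanged by the move. Any user of `sizeof(struct tpm2_digest_value)` outside this diff would, however, now see a size 4 bytes smaller, which is worth checking.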
diff --git a/src/tcgbios.c b/src/tcgbios.c
index a79b880..72ae3c6 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -446,31 +446,34 @@ tpm12_extend(u32 pcrindex, const u8 *digest)
     return 0;
 }
 
-static int tpm20_extend(u32 pcrindex, const u8 *digest)
+static int tpm20_extend(u32 pcrindex, const u8 *digest, u16 hashAlg)
 {
-    struct tpm2_req_extend tre = {
+    struct tpm2_req_extend tmp_tre = {
         .hdr.tag     = cpu_to_be16(TPM2_ST_SESSIONS),
-        .hdr.totlen  = cpu_to_be32(sizeof(tre)),
+        .hdr.totlen  = cpu_to_be32(sizeof(tmp_tre)),
         .hdr.ordinal = cpu_to_be32(TPM2_CC_PCR_Extend),
         .pcrindex    = cpu_to_be32(pcrindex),
-        .authblocksize = cpu_to_be32(sizeof(tre.authblock)),
+        .authblocksize = cpu_to_be32(sizeof(tmp_tre.authblock)),
         .authblock = {
             .handle = cpu_to_be32(TPM2_RS_PW),
             .noncesize = cpu_to_be16(0),
             .contsession = TPM2_YES,
             .pwdsize = cpu_to_be16(0),
         },
-        .digest = {
-            .count = cpu_to_be32(1),
-            .hashalg = cpu_to_be16(TPM2_ALG_SHA1),
-        },
     };
-    memcpy(tre.digest.sha1, digest, sizeof(tre.digest.sha1));
+    u32 count = 1;
+    u8 buffer[sizeof(tmp_tre) + sizeof(struct tpm2_digest_value)];
+    struct tpm2_req_extend *tre = (struct tpm2_req_extend *)buffer;
+
+    memcpy(tre, &tmp_tre, sizeof(tmp_tre));
+    tre->count = cpu_to_be32(count);
+    tre->digest.hashalg = cpu_to_be16(hashAlg);
+    memcpy(tre->digest.sha1, digest, sizeof(tmp_tre.digest.sha1));
 
     struct tpm_rsp_header rsp;
     u32 resp_length = sizeof(rsp);
-    int ret = tpmhw_transmit(0, &tre.hdr, &rsp, &resp_length,
-                             TPM_DURATION_TYPE_SHORT);
+    int ret = tpmhw_transmit(0, &tre->hdr, &rsp, &resp_length,
+                              TPM_DURATION_TYPE_SHORT);
     if (ret || resp_length != sizeof(rsp) || rsp.errcode)
         return -1;
 
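Review bot: `hashAlg` is now written into the command, but the digest length stays fixed: `memcpy(tre->digest.sha1, digest, sizeof(tmp_tre.digest.sha1))` copies SHA1_BUFSIZE bytes and `hdr.totlen` remains `sizeof(tmp_tre)` whatever algorithm is passed. Both visible callers pass TPM2_ALG_SHA1, so this is latent, but any other value would send a PCR extend whose declared algorithm and digest size disagree, and the measurement would presumably be rejected or not match the event log. Until the length is derived from the algorithm, guard the top of the function with `if (hashAlg != TPM2_ALG_SHA1) return -1;`. The same gap exists in the `TPM_VERSION_1_2` branch of `tpm_extend` in the next hunk, which drops `hashAlg` silently. `buffer` is also one `struct tpm2_digest_value` larger than the bytes described by `totlen`, so a short comment on what the spare room is for would help.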
@@ -478,13 +481,13 @@ static int tpm20_extend(u32 pcrindex, const u8 *digest)
 }
 
 static int
-tpm_extend(u32 pcrindex, const u8 *digest)
+tpm_extend(u32 pcrindex, const u8 *digest, u16 hashAlg)
 {
     switch (TPM_version) {
     case TPM_VERSION_1_2:
         return tpm12_extend(pcrindex, digest);
     case TPM_VERSION_2:
-        return tpm20_extend(pcrindex, digest);
+        return tpm20_extend(pcrindex, digest, hashAlg);
     }
     return -1;
 }
@@ -517,7 +520,7 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
         .digests[0].hashtype  = TPM2_ALG_SHA1,
     };
     sha1(hashdata, hashdata_length, entry.digests[0].sha1);
-    int ret = tpm_extend(entry.pcrindex, entry.digests[0].sha1);
+    int ret = tpm_extend(entry.pcrindex, entry.digests[0].sha1, TPM2_ALG_SHA1);
     if (ret) {
         tpm_set_failure();
         return;
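Review bot: The algorithm passed to `tpm_extend` is a second literal `TPM2_ALG_SHA1`, separate from the one stored in `entry.digests[0].hashtype` a few lines up, so the event log and the PCR extend can drift apart if only one of them is changed later. Passing the logged value, `tpm_extend(entry.pcrindex, entry.digests[0].sha1, entry.digests[0].hashtype)`, would tie the two together, assuming `hashtype` is kept in host byte order as the initializer suggests. tpm_add_measurement_to_log starts and ends outside the hunk.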
@@ -1093,7 +1096,7 @@ hash_log_extend(struct pcpes *pcpes, const void *hashdata, u32 hashdata_length
     if (hashdata)
         sha1(hashdata, hashdata_length, pcpes->digest);
     if (extend) {
-        int ret = tpm_extend(pcpes->pcrindex, pcpes->digest);
+        int ret = tpm_extend(pcpes->pcrindex, pcpes->digest, TPM2_ALG_SHA1);
         if (ret)
             return TCG_TCG_COMMAND_ERROR;
     }
-- 
2.5.5



