[SeaBIOS] [PATCH 1/2] tpm: Unify tpm_fill_hash()/tpm_log_extend_event() and use in BIOS interface
Stefan Berger
stefanb at linux.vnet.ibm.com
Mon Feb 8 13:19:27 CET 2016
On 02/06/2016 01:35 PM, Kevin O'Connor wrote:
> Don't call tpm_fill_hash() or tpm_log_extend_event() from any internal
> code (ie, tpm_add_measurement_to_log). The internal code does not
> require the additional checks that these functions provide.
>
> Unify the tpm_fill_hash() and tpm_log_extend_event() into a new
> function hash_log_extend(), and use this function only in the 16bit
> BIOS interface code. With the code now specific to the BIOS interface
> it can more easily return a BIOS specific error return code.
>
> Signed-off-by: Kevin O'Connor <kevin at koconnor.net>
> ---
> src/tcgbios.c | 77 ++++++++++++++++++++++++++++-------------------------------
> 1 file changed, 36 insertions(+), 41 deletions(-)
>
> diff --git a/src/tcgbios.c b/src/tcgbios.c
> index d6010c1..cddc99b 100644
> --- a/src/tcgbios.c
> +++ b/src/tcgbios.c
> @@ -428,9 +428,6 @@ static int tpm20_extend(u32 pcrindex, const u8 *digest)
> static int
> tpm_extend(u32 pcrindex, const u8 *digest)
> {
> - if (pcrindex >= 24)
> - return -1;
> -
> switch (TPM_version) {
> case TPM_VERSION_1_2:
> return tpm12_extend(pcrindex, digest);
> @@ -440,23 +437,6 @@ tpm_extend(u32 pcrindex, const u8 *digest)
> return -1;
> }
>
> -static int
> -tpm_log_extend_event(struct pcpes *pcpes, const void *event)
> -{
> - int ret = tpm_extend(pcpes->pcrindex, pcpes->digest);
> - if (ret)
> - return -1;
> -
> - return tpm_log_event(pcpes, event);
> -}
> -
> -static void
> -tpm_fill_hash(struct pcpes *pcpes, const void *hashdata, u32 hashdata_length)
> -{
> - if (hashdata)
> - sha1(hashdata, hashdata_length, pcpes->digest);
> -}
> -
> /*
> * Add a measurement to the log; the data at data_seg:data/length are
> * appended to the TCG_PCClientPCREventStruct
> @@ -482,10 +462,13 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
> .eventtype = event_type,
> .eventdatasize = event_length,
> };
> - tpm_fill_hash(&pcpes, hashdata, hashdata_length);
> - int ret = tpm_log_extend_event(&pcpes, event);
> - if (ret)
> + sha1(hashdata, hashdata_length, pcpes.digest);
> + int ret = tpm_extend(pcpes.pcrindex, pcpes.digest);
> + if (ret) {
> tpm_set_failure();
> + return;
> + }
> + tpm_log_event(&pcpes, event);
> }
>
>
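Review bot: The result of `tpm_log_event(&pcpes, event)` on the last added line is discarded, whereas the removed `tpm_log_extend_event()` path returned it and any non-zero value ended in `tpm_set_failure()`. A failed log append now leaves the PCR extended with no matching event-log entry, so a verifier replaying the log can no longer reproduce the PCR value. If that is intended for internal measurements, a comment such as `/* log failure is not fatal here: the PCR is already extended */` would record the decision; otherwise keep `if (tpm_log_event(&pcpes, event)) tpm_set_failure();`. The `sha1()` call is also unconditional now that the old `if (hashdata)` guard is gone, so this relies on every internal caller passing a non-NULL buffer, which cannot be confirmed from this hunk. tpm_add_measurement_to_log begins outside the hunk.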
> @@ -997,6 +980,25 @@ static inline void *output_buf32(struct bregs *regs)
> }
>
> static u32
> +hash_log_extend(struct pcpes *pcpes, const void *hashdata, u32 hashdata_length
> + , void *event, int extend)
> +{
> + if (pcpes->pcrindex >= 24)
> + return TCG_INVALID_INPUT_PARA;
> + if (hashdata)
> + sha1(hashdata, hashdata_length, pcpes->digest);
> + if (extend) {
> + int ret = tpm_extend(pcpes->pcrindex, pcpes->digest);
> + if (ret)
> + return TCG_TCG_COMMAND_ERROR;
> + }
> + int ret = tpm_log_event(pcpes, pcpes->event);
> + if (ret)
> + return TCG_PC_LOGOVERFLOW;
> + return 0;
> +}
> +
> +static u32
> hash_log_extend_event_int(const struct hleei_short *hleei_s,
> struct hleeo *hleeo)
> {
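Review bot: `hash_log_extend()` takes an `event` argument but never uses it: the log call is `tpm_log_event(pcpes, pcpes->event)`, so the caller's buffer is ignored. The two callers that pass `pcpes->event` are unaffected, but `compact_hash_log_extend_event_int()` passes `&info` together with what appears to be a local `pcpes`. In that case the logged event data would be taken from whatever follows that struct in memory rather than from `info`, which is presumably an out-of-bounds read and yields a log entry that does not describe the measurement. The call should be `int ret = tpm_log_event(pcpes, event);`. Since the removed `tpm_log_extend_event()` passed a `const void *event` to the same function, the new parameter could also be declared `const void *event`.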
> @@ -1032,18 +1034,15 @@ hash_log_extend_event_int(const struct hleei_short *hleei_s,
>
> pcpes = (struct pcpes *)logdataptr;
>
> - if (pcpes->pcrindex >= 24 || pcpes->pcrindex != pcrindex
> + if (pcpes->pcrindex != pcrindex
> || logdatalen != sizeof(*pcpes) + pcpes->eventdatasize) {
> rc = TCG_INVALID_INPUT_PARA;
> goto err_exit;
> }
> -
> - tpm_fill_hash(pcpes, hleei_s->hashdataptr, hleei_s->hashdatalen);
> - int ret = tpm_log_extend_event(pcpes, pcpes->event);
> - if (ret) {
> - rc = TCG_TCG_COMMAND_ERROR;
> + rc = hash_log_extend(pcpes, hleei_s->hashdataptr, hleei_s->hashdatalen
> + , pcpes->event, 1);
> + if (rc)
> goto err_exit;
> - }
>
> hleeo->opblength = sizeof(struct hleeo);
> hleeo->reserved = 0;
> @@ -1131,19 +1130,16 @@ hash_log_event_int(const struct hlei *hlei, struct hleo *hleo)
>
> pcpes = (struct pcpes *)hlei->logdataptr;
>
> - if (pcpes->pcrindex >= 24 || pcpes->pcrindex != hlei->pcrindex
> + if (pcpes->pcrindex != hlei->pcrindex
> || pcpes->eventtype != hlei->logeventtype
> || hlei->logdatalen != sizeof(*pcpes) + pcpes->eventdatasize) {
> rc = TCG_INVALID_INPUT_PARA;
> goto err_exit;
> }
> -
> - tpm_fill_hash(pcpes, hlei->hashdataptr, hlei->hashdatalen);
> - int ret = tpm_log_event(pcpes, pcpes->event);
> - if (ret) {
> - rc = TCG_PC_LOGOVERFLOW;
> + rc = hash_log_extend(pcpes, hlei->hashdataptr, hlei->hashdatalen
> + , pcpes->event, 0);
> + if (rc)
> goto err_exit;
> - }
>
> /* updating the log was fine */
> hleo->opblength = sizeof(struct hleo);
> @@ -1193,11 +1189,10 @@ compact_hash_log_extend_event_int(u8 *buffer,
> .eventtype = EV_COMPACT_HASH,
> .eventdatasize = sizeof(info),
> };
> + u32 rc = hash_log_extend(&pcpes, buffer, length, &info, 1);
> + if (rc)
> + return rc;
>
> - tpm_fill_hash(&pcpes, buffer, length);
> - int ret = tpm_log_extend_event(&pcpes, &info);
> - if (ret)
> - return TCG_TCG_COMMAND_ERROR;
> *edx_ptr = tpm_state.entry_count;
> return 0;
> }
ACK.
Stefan