Message ID | 20201121174718.949000-1-ilias.apalodimas@linaro.org |
---|---|
State | Superseded |
Series | tpm: use more than sha256 on pcr_extend |
Hi Ilias, On Sat, 21 Nov 2020 at 10:47, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote: > > The current tpm2_pcr_extend is hardcoded using SHA256. > Let's make the actual command to the TPM2 configurable so we can support > a wider range of algorithms and keep the current command line as-is i.e > limited to SHA256 only > > Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> > --- > cmd/tpm-v2.c | 3 ++- > include/tpm-v2.h | 5 ++++- > lib/tpm-v2.c | 11 ++++++----- > 3 files changed, 12 insertions(+), 7 deletions(-) > Reviewed-by: Simon Glass <sjg@chromium.org> nit below > diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c > index 5fa4788a72de..daae91100a2b 100644 > --- a/cmd/tpm-v2.c > +++ b/cmd/tpm-v2.c > @@ -116,7 +116,8 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc, > if (index >= priv->pcr_count) > return -EINVAL; > > - rc = tpm2_pcr_extend(dev, index, digest); > + rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, > + TPM2_DIGEST_LEN); > > unmap_sysmem(digest); > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > index d8cf0ab05185..fde44e5d98cd 100644 > --- a/include/tpm-v2.h > +++ b/include/tpm-v2.h > @@ -376,11 +376,14 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, > * > * @dev TPM device > * @index Index of the PCR > + * @algorithm Algorithm used It is a good idea to reference the enum or #define that describes the values, as with this comment people will not know what values are valid. > * @digest Value representing the event to be recorded > + * @digest_len len of the hash > * > * @return code of the operation > */ > -u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest); > +u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, > + const u8 *digest, u32 digest_len); > Regards, Simon
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 5fa4788a72de..daae91100a2b 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -116,7 +116,8 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc, if (index >= priv->pcr_count) return -EINVAL; - rc = tpm2_pcr_extend(dev, index, digest); + rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest, + TPM2_DIGEST_LEN); unmap_sysmem(digest); diff --git a/include/tpm-v2.h b/include/tpm-v2.h index d8cf0ab05185..fde44e5d98cd 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -376,11 +376,14 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, * * @dev TPM device * @index Index of the PCR + * @algorithm Algorithm used * @digest Value representing the event to be recorded + * @digest_len len of the hash * * @return code of the operation */ -u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest); +u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, + const u8 *digest, u32 digest_len); /** * Issue a TPM2_PCR_Read command. diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 91759068cf03..1f3deb06e487 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -80,11 +80,12 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, return tpm_sendrecv_command(dev, command_v2, NULL, NULL); } -u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest) +u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, + const u8 *digest, u32 digest_len) { u8 command_v2[COMMAND_BUFFER_SIZE] = { tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(33 + TPM2_DIGEST_LEN), /* Length */ + tpm_u32(33 + digest_len), /* Length */ tpm_u32(TPM2_CC_PCR_EXTEND), /* Command code */ /* HANDLE */ 
@@ -99,7 +100,7 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest) tpm_u16(0), /* Size of <hmac/password> */ /* <hmac/password> (if any) */ tpm_u32(1), /* Count (number of hashes) */ - tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */ + tpm_u16(algorithm), /* Algorithm of the hash */ /* STRING(digest) Digest */ }; unsigned int offset = 33; @@ -110,8 +111,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest) * - the digest */ ret = pack_byte_string(command_v2, sizeof(command_v2), "s", - offset, digest, TPM2_DIGEST_LEN); - offset += TPM2_DIGEST_LEN; + offset, digest, digest_len); + offset += digest_len; if (ret) return TPM_LIB_ERROR;
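Review bot: In the include/tpm-v2.h kernel-doc, `@digest_len len of the hash` does not say that the length is in bytes or that it has to equal the digest size of `@algorithm`, and `@algorithm Algorithm used` does not name the accepted values. Suggest wording along the lines of "@algorithm: hash algorithm, one of the TPM2_ALG_ values" and "@digest_len: length of @digest in bytes, must match the digest size of @algorithm", so that callers other than the SHA256-only command line know the contract they have to meet.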
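Review bot: In lib/tpm-v2.c, `tpm_u32(33 + digest_len)` and the `pack_byte_string(..., digest, digest_len)` call now use a caller-supplied length, and nothing in the visible function checks it against the digest size of `algorithm` or against `COMMAND_BUFFER_SIZE` before the length header is built. The only guard in these lines is the `sizeof(command_v2)` argument passed to pack_byte_string and the `if (ret)` that follows, so a mismatched algorithm/length pair is left for the TPM to reject. Suggest validating digest_len at the top of tpm2_pcr_extend (expected size for the given algorithm, and 33 + digest_len no larger than the buffer) and returning an error before the command is assembled.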
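Review bot: At `tpm_u16(algorithm)` in lib/tpm-v2.c, the new parameter is declared `u32 algorithm` but is serialized as a 16-bit field, so a value that does not fit in 16 bits would lose its upper bits without any error. Suggest declaring the parameter as u16 in both the prototype and the definition, or rejecting out-of-range values before the command buffer is initialized.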
The current tpm2_pcr_extend is hardcoded using SHA256.
Let's make the actual command to the TPM2 configurable so we can support
a wider range of algorithms and keep the current command line as-is i.e
limited to SHA256 only

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 cmd/tpm-v2.c     | 3 ++-
 include/tpm-v2.h | 5 ++++-
 lib/tpm-v2.c     | 11 ++++++-----
 3 files changed, 12 insertions(+), 7 deletions(-)

--
2.29.2