X-Patchwork-Submitter: Ruchika Gupta
X-Patchwork-Id: 510924
From: Ruchika Gupta
To: u-boot@lists.denx.de
Cc: Ruchika Gupta, Masahisa Kojima, Ilias Apalodimas, Heinrich Schuchardt
Subject: [PATCH] efi_loader: Fix spec ID event creation
Date: Tue, 14 Sep 2021 12:14:31 +0530
Message-Id: <20210914064431.887691-1-ruchika.gupta@linaro.org>

TCG EFI Protocol Specification defines the number_of_algorithms field in spec ID event to be equal to the number of active algorithms supported by the TPM device. In current implementation, this field is populated with the count of all algorithms supported by the TPM which leads to incorrect spec ID event creation.

Similarly, the algorithm array in spec ID event should be a variable length array with length being equal to the number_of_algorithms field. In current implementation this is defined as a fixed length array which has been fixed.

Signed-off-by: Ruchika Gupta
CC: Masahisa Kojima
CC: Ilias Apalodimas
CC: Heinrich Schuchardt
--- include/efi_tcg2.h | 7 +------ lib/efi_loader/efi_tcg2.c | 40 ++++++++++++++++++++++----------------- 2 files changed, 24 insertions(+), 23 deletions(-) -- 2.25.1 diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index c99384fb00..6c9f448a26 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -165,8 +165,6 @@ struct tcg_efi_spec_id_event_algorithm_size { * @digest_sizes: array of number_of_algorithms pairs * 1st member defines the algorithm id * 2nd member defines the algorithm size - * @vendor_info_size: size in bytes for vendor specific info - * @vendor_info: vendor specific info */ struct tcg_efi_spec_id_event { u8 signature[16]; 
@@ -176,10 +174,7 @@ struct tcg_efi_spec_id_event { u8 spec_errata; u8 uintn_size; u32 number_of_algorithms; - struct tcg_efi_spec_id_event_algorithm_size digest_sizes[TPM2_NUM_PCR_BANKS]; - u8 vendor_info_size; - /* U-Boot does not provide any vendor info */ - u8 vendor_info[]; + struct tcg_efi_spec_id_event_algorithm_size digest_sizes[]; } __packed; /** diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index b268a02976..3fd6bc30a1 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -575,9 +575,10 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length, EFI_PRINT("Unsupported algorithm %x\n", hash_alg); return EFI_INVALID_PARAMETER; } + digest_list->digests[digest_list->count].hash_alg = hash_alg; + memcpy(&digest_list->digests[digest_list->count].digest, final, + (u32)alg_to_len(hash_alg)); digest_list->count++; - digest_list->digests[i].hash_alg = hash_alg; - memcpy(&digest_list->digests[i].digest, final, (u32)alg_to_len(hash_alg)); } return EFI_SUCCESS; @@ -798,8 +799,9 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, EFI_PRINT("Unsupported algorithm %x\n", hash_alg); return EFI_INVALID_PARAMETER; } - digest_list->digests[i].hash_alg = hash_alg; - memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg)); + digest_list->digests[digest_list->count].hash_alg = hash_alg; + memcpy(&digest_list->digests[digest_list->count].digest, hash, + (u32)alg_to_len(hash_alg)); digest_list->count++; } @@ -1123,7 +1125,7 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer, struct tcg_efi_spec_id_event *spec_event; size_t spec_event_size; efi_status_t ret = EFI_DEVICE_ERROR; - u32 active = 0, supported = 0; + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; int err; size_t i; 
@@ -1145,25 +1147,29 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer, TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32); - err = tpm2_get_pcr_info(dev, &supported, &active, - &spec_event->number_of_algorithms); + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); + if (err) goto out; - if (spec_event->number_of_algorithms > MAX_HASH_COUNT || - spec_event->number_of_algorithms < 1) - goto out; - for (i = 0; i < spec_event->number_of_algorithms; i++) { + for (i = 0; i < pcr_count; i++) { u16 hash_alg = hash_algo_list[i].hash_alg; u16 hash_len = hash_algo_list[i].hash_len; - if (active && alg_to_mask(hash_alg)) { + if (active & alg_to_mask(hash_alg)) { put_unaligned_le16(hash_alg, - &spec_event->digest_sizes[i].algorithm_id); + &spec_event->digest_sizes[alg_count].algorithm_id); put_unaligned_le16(hash_len, - &spec_event->digest_sizes[i].digest_size); + &spec_event->digest_sizes[alg_count].digest_size); + alg_count++; } } + + spec_event->number_of_algorithms = alg_count; + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || + spec_event->number_of_algorithms < 1) + goto out; + /* * the size of the spec event and placement of vendor_info_size * depends on supported algoriths @@ -1172,9 +1178,9 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer, offsetof(struct tcg_efi_spec_id_event, digest_sizes) + spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]); /* no vendor info for us */ - memset(buffer + spec_event_size, 0, - sizeof(spec_event->vendor_info_size)); - spec_event_size += sizeof(spec_event->vendor_info_size); + memset(buffer + spec_event_size, 0, 1); + /* add a byte for vendor_info_size in the spec event */ + spec_event_size += 1; *event_size = spec_event_size; return EFI_SUCCESS;
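Review bot: In the struct tcg_efi_spec_id_event hunks of include/efi_tcg2.h, removing vendor_info_size and vendor_info together with their kernel-doc lines leaves the header with no record that a one-byte vendor_info_size still follows digest_sizes[] in the serialized event, although create_specid_event() continues to write that byte by hand. Suggest keeping a sentence in the struct comment saying that vendor_info_size and vendor_info come after the variable-length digest_sizes array and are therefore not addressable as members. With digest_sizes[] now a flexible array, sizeof(struct tcg_efi_spec_id_event) stops at number_of_algorithms, so any buffer sized from it is worth rechecking.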
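Review bot: The tcg2_create_digest() hunk (@@ -575) changes the store index from i to digest_list->count, which is a behaviour change of its own that the commit message, which only discusses the spec ID event, does not mention. Suggest describing it in the log or splitting it into a separate patch. The hunk also shows no check that digest_list->count is below the capacity of digests[] before the memcpy; if the loop bound outside this hunk does not already guarantee that, add one before the store.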
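Review bot: In the tcg2_hash_pe_image() hunk (@@ -798) the added hash_alg assignment and memcpy are the same statements added in tcg2_create_digest(), differing only in the source buffer (hash here, final there). Suggest a small static helper that takes digest_list, hash_alg and the source pointer and performs the store and the count++ in one place, so the two call sites cannot drift apart again.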
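Review bot: In the create_specid_event() hunk at @@ -1145 the MAX_HASH_COUNT range check has moved to after the loop, so the loop now runs up to the device-reported pcr_count, reading hash_algo_list[i] and writing digest_sizes[alg_count] into buffer before any value has been validated. Suggest rejecting pcr_count > MAX_HASH_COUNT, or bounding i by the number of entries in hash_algo_list, before the loop, and keeping the post-loop check for the alg_count < 1 case. Two smaller points: the added blank line between the tpm2_get_pcr_info() call and if (err) separates the call from its error check, and the change from && to & in the active test is a fix in its own right that deserves a line in the commit message.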
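Review bot: In the final create_specid_event() hunk (@@ -1172) the literal 1 replaces sizeof(spec_event->vendor_info_size) in both the memset and the size update, which leaves the width of vendor_info_size as an unexplained magic number. Suggest sizeof(u8) or a named constant, and moving the new comment "add a byte for vendor_info_size in the spec event" above the memset, since that is the statement that writes the byte. Nothing visible in this hunk checks that spec_event_size plus that byte fits the caller's buffer, so a length check or a documented minimum buffer size would help.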