summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorRuchika Gupta <ruchika.gupta@linaro.org>2021-09-14 12:14:31 +0530
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2021-09-25 12:31:08 +0200
commit346cee3ac5782fefeaeda2b54914b029547adf52 (patch)
treeef6420bf3394a1114afe8c40fd31c646d1376a57 /lib
parent269d2d14d243f214e8eb5c63810d73272d6fd3f3 (diff)
downloadu-boot-346cee3ac5782fefeaeda2b54914b029547adf52.tar.gz
u-boot-346cee3ac5782fefeaeda2b54914b029547adf52.tar.bz2
u-boot-346cee3ac5782fefeaeda2b54914b029547adf52.zip
efi_loader: Fix spec ID event creation
TCG EFI Protocol Specification defines the number_of_algorithms field in spec ID event to be equal to the number of active algorithms supported by the TPM device. In current implementation, this field is populated with the count of all algorithms supported by the TPM which leads to incorrect spec ID event creation. Similarly, the algorithm array in spec ID event should be a variable length array with length being equal to the number_of_algorithms field. In current implementation this is defined as a fixed length array which has been fixed. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> CC: Masahisa Kojima <masahisa.kojima@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/efi_loader/efi_tcg2.c40
1 files changed, 23 insertions, 17 deletions
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index cb48919223..d3b8f93f14 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -575,9 +575,10 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
return EFI_INVALID_PARAMETER;
}
+ digest_list->digests[digest_list->count].hash_alg = hash_alg;
+ memcpy(&digest_list->digests[digest_list->count].digest, final,
+ (u32)alg_to_len(hash_alg));
digest_list->count++;
- digest_list->digests[i].hash_alg = hash_alg;
- memcpy(&digest_list->digests[i].digest, final, (u32)alg_to_len(hash_alg));
}
return EFI_SUCCESS;
@@ -798,8 +799,9 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
return EFI_INVALID_PARAMETER;
}
- digest_list->digests[i].hash_alg = hash_alg;
- memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg));
+ digest_list->digests[digest_list->count].hash_alg = hash_alg;
+ memcpy(&digest_list->digests[digest_list->count].digest, hash,
+ (u32)alg_to_len(hash_alg));
digest_list->count++;
}
@@ -1120,7 +1122,7 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
struct tcg_efi_spec_id_event *spec_event;
size_t spec_event_size;
efi_status_t ret = EFI_DEVICE_ERROR;
- u32 active = 0, supported = 0;
+ u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
int err;
size_t i;
@@ -1142,25 +1144,29 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
- err = tpm2_get_pcr_info(dev, &supported, &active,
- &spec_event->number_of_algorithms);
+ err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
+
if (err)
goto out;
- if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
- spec_event->number_of_algorithms < 1)
- goto out;
- for (i = 0; i < spec_event->number_of_algorithms; i++) {
+ for (i = 0; i < pcr_count; i++) {
u16 hash_alg = hash_algo_list[i].hash_alg;
u16 hash_len = hash_algo_list[i].hash_len;
- if (active && alg_to_mask(hash_alg)) {
+ if (active & alg_to_mask(hash_alg)) {
put_unaligned_le16(hash_alg,
- &spec_event->digest_sizes[i].algorithm_id);
+ &spec_event->digest_sizes[alg_count].algorithm_id);
put_unaligned_le16(hash_len,
- &spec_event->digest_sizes[i].digest_size);
+ &spec_event->digest_sizes[alg_count].digest_size);
+ alg_count++;
}
}
+
+ spec_event->number_of_algorithms = alg_count;
+ if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
+ spec_event->number_of_algorithms < 1)
+ goto out;
+
/*
* the size of the spec event and placement of vendor_info_size
* depends on supported algoriths
@@ -1169,9 +1175,9 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
/* no vendor info for us */
- memset(buffer + spec_event_size, 0,
- sizeof(spec_event->vendor_info_size));
- spec_event_size += sizeof(spec_event->vendor_info_size);
+ memset(buffer + spec_event_size, 0, 1);
+ /* add a byte for vendor_info_size in the spec event */
+ spec_event_size += 1;
*event_size = spec_event_size;
return EFI_SUCCESS;