From patchwork Fri Sep 3 01:55:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 506465 Delivered-To: patch@linaro.org Received: by 2002:a02:8629:0:0:0:0:0 with SMTP id e38csp594274jai; Thu, 2 Sep 2021 18:54:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJytv8mZM5I7WZZ6zSUXDkfhLsfSXRY4pDnoPsaao5gtDcO+L8jsP2pQpPHM7gyn7y8ROB4n X-Received: by 2002:a17:906:401:: with SMTP id d1mr1373864eja.242.1630634072961; Thu, 02 Sep 2021 18:54:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630634072; cv=none; d=google.com; s=arc-20160816; b=jnuQx73scuWXaeJR8iFJx1xHbWUFLPADtHDPOY1vIoBIBsf//dDE0hAsBXxmiohsvn k/iLk63ByHkhWnXrbweLx82NBcgqqdyggLSA//3hpPUjTVxyx+0SmaUYCBMNa6/xiUaC 5+NUlZAGd9uaAmL4OJNhXsEuxEwW884XXjBmJaUyHiRy0TlEwonmmgNJ1Su72CfqaYyC o9W2AgygOvwwZ0hsYpeU70ajgRdkUkO80BTgInGJHEm0TtO2263+gMmk5wqB6IRcUkl7 /h8xvBJGbDnzHCOrDTw7zgT0vp5uVOfV9kdY3SZn5Xho81AmCbx1Lz+YpUZU86SWBAvn mVCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:to:from:dkim-signature; bh=XWm2AHWkdNfzHEIgoqeaGUPAq7pjx5308HIvRUvqoXE=; b=bty8wsCgDSO8l7RnXrwSCxNBAhgbqgG6QybgUHGUfBosz3aIFEiJrwwTOhM7/ZYEXa pWi6gWneT2V2RdV+FKifohgnqyEXXuKbnubm04E5JCCG/qtsf8iEMwfuwpg+QtEe0LlW 1sJwBCdBfCbUON67Upb+Ti0SjPuYSkyBiaiglFtZZfaibBLz6H+mMbiY6f5fTHQCUd1V 61dfbbJy8nHm7AiHA1xYVTHv5Xy6/r83CHBJ9TKdh9+2Pe5yHq3KJ3g8EvXepQ5rse9B Sme1jZS7fh1NA1vJXXmGimQFJ9lev636xY+r3jEYWaO0pZszogZ78jngm1BKJH+GtKLf k+7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=OXXpufNa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id z5si3610744ejl.639.2021.09.02.18.54.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:32 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=OXXpufNa; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 87D1E82BB2; Fri, 3 Sep 2021 03:54:19 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="OXXpufNa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C1B31834F1; Fri, 3 Sep 2021 03:54:14 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B218A834F1 for ; Fri, 3 Sep 2021 03:54:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pl1-x62d.google.com with SMTP id k17so2366008pls.0 for ; Thu, 02 Sep 2021 18:54:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references; bh=XWm2AHWkdNfzHEIgoqeaGUPAq7pjx5308HIvRUvqoXE=; b=OXXpufNahuwRUWFgmofmeOfVIPGMOkSc81x4BvPeTBN7T/ZCn3pJMFgNuHunSAKuJZ NWPwanoHahfGun6GsjlBuJmzvM/rR7iF9FanUZMWAx6MosRE2BE+TYa8xGJyUT2H6sqa wDsajX0iwr/vcWb9GtmWZwGTeOnJMKsZ9gaaDnmMi+76eVKHLcFPj/muyVVksYawTrpM 723HCpVLe9r1KIu6xKDtOwyY04ja3MZk+JWLahNeCntZnxGUy9+3agWKMF17m84qy0vg vLoTSCCfyRALUjF62L8aFanTz5PWTZoQdfPurrRu8IpxbVHxYOSqtSn5EOpfxZeAE+ri EprQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=XWm2AHWkdNfzHEIgoqeaGUPAq7pjx5308HIvRUvqoXE=; b=skK3cV58hnYX/aWyctTLO49jmN6fc2BDKU7tbPIk2XSe5VKZZrTGukzFbQfAg626ID Hd7ibQIlyLlG1APmL64PgzkrpUtWlC+0OAADGBvUChigDfeSxADVaFlqNZZhBvRBFymz NF4V2bCCaPjqm9GLemImpi8T6nsX6dJqpZfWVXULLRuogH3yqwQwOCLxUKKXMdH3T8G8 TcA6DdT/BDkTtFnW62WYMtKizHc2lv6WK8mdEqm0+mh9f98o95t9rzWJY26JjUeFnpKQ j73x03w3XxwGy/pXpUcY+/uByEjkq6Y5YHJIUJh11Xu7VDF+o/8EqIsMmaWa/klsw/yr N2rA== X-Gm-Message-State: AOAM532/k0Xtu9dJ++L4+ZJU5d9lDVm1HrvJbW1gByfSUwv9I9J/3e1o hDnc1AHvFItUfYg61bovHwMKfMdp8G+0UiNO X-Received: by 2002:a17:90a:a087:: with SMTP id r7mr7250474pjp.84.1630634049035; Thu, 02 Sep 2021 18:54:09 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id g37sm4182198pgl.94.2021.09.02.18.54.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:08 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , AKASHI Takahiro , u-boot@lists.denx.de Subject: [PATCH 1/3] efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api Date: Fri, 3 Sep 2021 10:55:50 +0900 Message-Id: <20210903015552.17180-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210903015552.17180-1-masahisa.kojima@linaro.org> References: <20210903015552.17180-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean TCG EFI Protocol Specification defines the required parameter checking and return value for each API. This commit adds the missing parameter check and fixes the wrong return value to comply the specification. Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) -- 2.17.1 Reviewed-by: Ilias Apalodimas diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 35e69b9112..c4e9f61fd6 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -708,6 +708,18 @@ efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location, event_log_last_entry, event_log_truncated); + if (!this || !event_log_location || !event_log_last_entry || + !event_log_truncated) { + ret = EFI_INVALID_PARAMETER; + goto out; + } + + /* Only support TPMV2 */ + if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) { + ret = EFI_INVALID_PARAMETER; + goto out; + } + ret = platform_get_tpm2_device(&dev); if (ret != EFI_SUCCESS) { event_log_location = NULL; @@ -965,6 +977,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, data_to_hash_len, (void **)&nt); if (ret != EFI_SUCCESS) { log_err("Not a valid PE-COFF file\n"); + ret = EFI_UNSUPPORTED; goto out; } ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash, @@ -1038,9 +1051,15 @@ efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, { efi_status_t ret; + if (!this || !active_pcr_banks) { + ret = EFI_INVALID_PARAMETER; + goto out; + } + EFI_ENTRY("%p, %p", this, active_pcr_banks); ret = __get_active_pcr_banks(active_pcr_banks); +out: return EFI_EXIT(ret); } From patchwork Fri Sep 3 01:55:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 506466 Delivered-To: patch@linaro.org Received: by 2002:a02:8629:0:0:0:0:0 with SMTP id e38csp594386jai; Thu, 2 Sep 2021 18:54:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzJhfj6PCWlGnd/Euhq4OjfZRtEg+mrAyE3IFR5K/jtZl1kAqLAl7CtGA4usZdbNNsDmVck X-Received: by 2002:a05:6402:1779:: with SMTP id da25mr1354168edb.200.1630634082966; Thu, 02 Sep 2021 18:54:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630634082; cv=none; d=google.com; s=arc-20160816; b=ezWuZI2O+739NO8fMNCNJLalN+YdGZtFO2dbBg/FkE0m+YSUojX42BF29CRXOXAVMQ cAbIJVckdf42lvG919m8h47GPFRnK4qnodxv28KPw6NleybgwwJUio/sRXko2SW/FUYD rxI148UsmbrciKeKcGutljx49iqwIT8nbbRMWpxV0ACCHB0BtOZJgCrnYy9yq6iW7oLZ VfeaRcSwmvx/S3V40u9K8x3JD3aM8TT84R/vOUIQQc3F3SgA3WvmJh/vncpBKmhTqdzj sVKfwyMJh4+oMTGqy1K8k4K3kQ4vlbr7/kb03sQy0AFkIQOwfVNoim3TuGvVaONEormg 4Zsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:to:from:dkim-signature; bh=2q6LYLIy26DSv9lc4lY9hrB8jIQ6aKlOoaRXoPoYM1M=; b=jJ7rrBkcn9+a1eG8kajnQ+/V+1P1bBs6u91hFNTppcfDemEUb/7P6CRcEiYLNkcowq ymZHPmpgUeC2OxQUYdkqyAasN12hcUUB0RQatrtZ2aBx3nkgFRJO3YEIQGBGB5dyY5tZ xiHN8SYwxHHTGEVut+tiC/Dht2NXleZGcilj4kDRc8nsF/lxOPzjlslLT2nZU/PYqLrZ fycj2wnDfTcSqwPnOWPpDIZZanKoS6FWBk16xjDPcFL5/lrSD95u0DLVN1M6mzmYJVIM oUoOFAeqoOd2mYCpqJ5KizXjuiEriq8n6741WYD7o1Oa+0GC77xHzUeGOBP1yOP27O5b r6VA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="VWd/OiHF"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id ar10si3313832ejc.418.2021.09.02.18.54.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:42 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="VWd/OiHF"; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 058F0834F1; Fri, 3 Sep 2021 03:54:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="VWd/OiHF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 82D6A800AA; Fri, 3 Sep 2021 03:54:17 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B3D20834BA for ; Fri, 3 Sep 2021 03:54:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x52c.google.com with SMTP id q68so3974590pga.9 for ; Thu, 02 Sep 2021 18:54:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references; bh=2q6LYLIy26DSv9lc4lY9hrB8jIQ6aKlOoaRXoPoYM1M=; b=VWd/OiHFE0iyP8a+d5+Ks88ofj3jzNvdkpJ/rQwB5fk0Q9CTGnUUcQcIbdDggd9v57 sO5DtahCXM1OvoRMs2Sw4k1ZZGRD7SNh2Ezvpmjpcdrz9FKuJbV+w7n7CgLFsxJ2lTo9 jIV2k3dBjr/9P6YWvE0jubsAsNNvZ7oFi6OwZ9GpZ12zcrXG+AO/9DqD4yx2NCRpV0ni 015Q1L6Svw56E1bEyrQJq9We6XnhRIuB20FMNi7in9QPKr7x3g3y7keS+JRjqBuk9FUv O48F/KOIEv4tE17lM5MBDe5HH1ouMNkhSVOJRvEMQXdAROFg3VH0I9lt9WlvStHEUd7X 6WQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=2q6LYLIy26DSv9lc4lY9hrB8jIQ6aKlOoaRXoPoYM1M=; b=YXdcHp5WTETMjkAro5GXT/j+XWkGelMJBtX6+mtDuqFhYXNhLp9ovlhIEtZR9SwIeM l+rh9APxDfA0XDXgCQ9VjBYaxaKVXkNUf9KdRrAz1n8y3mHCsXDatlM0m73RN9eAuTT5 PiaQIMVIWlZ5D4r/MAAipcADpCDPo6ppDwvuI0HgqMXp3QXljo1ojOW4+pDsanhOdjrI WAenxOtQanSba+05tqoRGHhUflvchGNFab3j6gR2X42yWg5e+YC5kphKYhUIX8Kbz9E0 Ao16EcmXDaQTRLa27MUGLkrm3yH6mF0tEqGZrAQvRORWe3AlVSYDfw2AWrX/16V7xarw fiiw== X-Gm-Message-State: AOAM5333o4ooXGVbae0/br9xEkcemn2DUjL7czHygO1964IYdbzLulWm IAHbmYOJDk/+0kQp9T5LkM5/3Q== X-Received: by 2002:a05:6a00:98f:b0:40c:96c5:b4fd with SMTP id u15-20020a056a00098f00b0040c96c5b4fdmr1142394pfg.0.1630634051066; Thu, 02 Sep 2021 18:54:11 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id g37sm4182198pgl.94.2021.09.02.18.54.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:10 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , AKASHI Takahiro , u-boot@lists.denx.de Subject: [PATCH 2/3] efi_loader: fix boot_service_capability_min calculation Date: Fri, 3 Sep 2021 10:55:51 +0900 Message-Id: <20210903015552.17180-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210903015552.17180-1-masahisa.kojima@linaro.org> References: <20210903015552.17180-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean TCG EFI Protocol Specification requires to the input ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the vendor ID field. Current implementation does different calculation, let's fix it. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.17.1 Reviewed-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index b6b958da51..45788d55d5 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -127,8 +127,8 @@ struct efi_tcg2_boot_service_capability { efi_tcg_event_algorithm_bitmap active_pcr_banks; }; +/* up to and including the vendor ID(manufacture_id) field */ #define boot_service_capability_min \ - sizeof(struct efi_tcg2_boot_service_capability) - \ offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks) #define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03" From patchwork Fri Sep 3 01:55:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 506467 Delivered-To: patch@linaro.org Received: by 2002:a02:8629:0:0:0:0:0 with SMTP id e38csp594497jai; Thu, 2 Sep 2021 18:54:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzMn1krZAHuH/KifJhUbgN0A03RXz6mSJI4wqNLwtdY0IWjAsAYUqUWAg5+dOFrfefSOlRv X-Received: by 2002:a17:906:e88:: with SMTP id p8mr1313189ejf.103.1630634093668; Thu, 02 Sep 2021 18:54:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630634093; cv=none; d=google.com; s=arc-20160816; b=ZO9HDwCRD8UeoHRsM/r8yAcvfZU8Jz493bnIuNhRgiz1Ne3fUpZ8xUKNpoFOkr91FH Falb0ZncWVbIQfdegJQxRCsC7dtJPdnLW46bMO4vw6/bA8ymApNvxKtvnXn4qAk5tgP3 Il+FH1OEukgv9p8vMkBlLcyqLwb5HIMf9UPALtMJiR5IC1qMmFzcWa2qV71CZejmDmu0 g3lVzlczweAeZKU1VS/+n3lQs7R2tcXcNF6ehM2PcfXnxojnwOsKiGXjgHN/VnZUw+8r kUCFvWEpkTN6ijd6CJTcbNMStXFntZJzWrMwwrNC19LLY98E7qN7Z52WN9dPsygD8Bpc G7Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:to:from:dkim-signature; bh=/sL6paaxDvmhePTPatoUwetXffPc4WRPBeRMw5NP3qI=; b=qtSfrdrrpZ5xsDQ0GntVZ9Frgw15luDFOFQ2iBT242AwwLNpooGXeUjEPbYP/Hku/c MZHbu5jXAN4y6RGSIFZ123cadmEbJcL+hPGPlThK2cJhhWO337FS6B60YpnnADsmMWQS KwMmkX4yfYV3T1wcNOAfMIeowJD1FCTTg+5818Pb84fUnWUFg1wBvPaXFap+8EilL+Xp D/RN6HPZDLlZzmB2BKD5WBpB8YudFsHB7xH/EqTS+1z3txjQAAjJRIevoVxoIygfb8SB 9Osl9BzZbwQlBRXXhBkTEyinLoNs3eezhGKSW7Mq1VTIOSJSqp0Y1gF9gsHw2gt1zMxd aZMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=n8ZikKdR; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id cw8si3703375edb.355.2021.09.02.18.54.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:53 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=n8ZikKdR; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 047E183520; Fri, 3 Sep 2021 03:54:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="n8ZikKdR"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C17DD800AA; Fri, 3 Sep 2021 03:54:20 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CCCA4834F6 for ; Fri, 3 Sep 2021 03:54:14 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x42a.google.com with SMTP id 7so3080067pfl.10 for ; Thu, 02 Sep 2021 18:54:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references; bh=/sL6paaxDvmhePTPatoUwetXffPc4WRPBeRMw5NP3qI=; b=n8ZikKdRsR7YtOaMXOD5yzcWOGDcJUfgU3qnPK/CEs7s9UrtQQb8KkTO2mYWGLq3NR /lFlS82oaIIAio90LzLVcI1uinDNMhJWhhIXj/gH5lsQPQ4TwI8zDctnz/tvAT7kYzTn AnVwaz926iw6xCMxaXQea5O0fbcJ2cs0a5ChUzZ0tAE3pfiy8vdEyXcfylKfVG03MkB4 GwphJsJlw/Y52AJiosP2B9R0gv9bKs3Awytn2MZ5cuR4HtoBstTnw8BleL8B3ABXKfUs BRIC8pKpzThveYJ8Du+89VEaokAZUbAiZlwZAugkl9s5iAEbLbiwJIsrfV35EMw/Hg3l hMSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=/sL6paaxDvmhePTPatoUwetXffPc4WRPBeRMw5NP3qI=; b=lk1ZSv4tfgXKPpGk6VR3h4Z5qiMLOCSdkXwRR+ljWJqgzpJLn+SW3KvBKusVQ1pX7S zUweVmTAYnO3KmilEmhqcWd0Stc8+czH1LxCdOiJ19kgX2rxiS6rHp5jlTDaQ0rs7jcn Qtm3Dms8x+a4HL7++tER6jAQDREu8RIQTpbYy6+kJMlP0QHZwMV5AghvMjzuYa6+tGVi Vikc1+ystyqin02X+tjOOp9jlDieZDyKYjCUv8K54QHaR74GYFPS5BCEHtTY7F3cblfw 3d2Qr++NFYvzVi00fH5MxLLhg55BP++Ys/1NJeqwz3idql4DRLtMxk9Z0BRlBW6FswRQ SNnw== X-Gm-Message-State: AOAM530eZcDctf5NRITWZ1Xsw+/T73FiZI1lk9xRr3Q69mytIt6f/zvi mXDkPh0SVK91BY9Jh0DbQJNCAw== X-Received: by 2002:a63:1e4e:: with SMTP id p14mr1263272pgm.261.1630634053063; Thu, 02 Sep 2021 18:54:13 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id g37sm4182198pgl.94.2021.09.02.18.54.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Sep 2021 18:54:12 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , AKASHI Takahiro , u-boot@lists.denx.de Subject: [PATCH 3/3] efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check Date: Fri, 3 Sep 2021 10:55:52 +0900 Message-Id: <20210903015552.17180-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210903015552.17180-1-masahisa.kojima@linaro.org> References: <20210903015552.17180-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h | 2 ++ lib/efi_loader/efi_tcg2.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) -- 2.17.1 Reviewed-by: Ilias Apalodimas Acked-by: Heinrich Schuchardt diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 45788d55d5..b647361d44 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -28,6 +28,8 @@ #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001 #define PE_COFF_IMAGE 0x0000000000000010 +#define EFI_TCG2_MAX_PCR_INDEX 23 + /* Algorithm Registry */ #define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 #define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index c4e9f61fd6..b268a02976 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -958,7 +958,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, goto out; } - if (efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) { + if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) { ret = EFI_INVALID_PARAMETER; goto out; }