From patchwork Mon Dec 23 14:47:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853065 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432245wrq; Mon, 23 Dec 2024 06:48:02 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCX6/pe7oRt6gwSeLmOOG05KPUAnPpyF+NE52zo3hcwnTR8Xb4vHfB62QA4rUAA/FFWY88EFXQ==@linaro.org X-Google-Smtp-Source: AGHT+IG2DtTIg+XQZyY3ctawWkjZmyvfmu3hloh40XDSBblF9+O6P3Rt51lNqpZJ4wOPxHE5CerX X-Received: by 2002:a17:907:3d89:b0:aab:740f:e467 with SMTP id a640c23a62f3a-aac2713131amr1039560566b.8.1734965281798; Mon, 23 Dec 2024 06:48:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965281; cv=none; d=google.com; s=arc-20240605; b=BfA6cmEEkPFly1e9oWdX+ObjhE2Lnox6ZO8VcKFxYnTdCzscw0I2BjOBGamhU9iPea NXXL3mmp2RRL4L1Y3BMpbxtPmQhvBrPGbYvPwl92Ea1UzC4A3gvgKQRbbp1yvctSKZo1 4GnC46a1C6G6bWjMzkAXodLL0u1thT9hRFKCNZJBQ+KHzjH8kLzLox5d+zT1UtUnjCdT tOxcUTygt29K0+AsY2dsL34vaaPtKixcjUHY6wjWgGhItbUJu81Tp5NWLDeA1qHFdtGH xq/OR4AOBEs06pfZarGc8zGbWPDaCmz2WLPTADZlhvWJoQ1WfmvBcHHQgcNQP/w5+NaE QxAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=vHTdZDoQHi0DGV+vWci9khHooRAXICaEiFLFbPsBXW0=; fh=GxVV1jPPRLga+oPsj1uHhvLGyASOoboRHaEc9n8kBQg=; b=EqyrmE+AyFbx9I+893GTLeF04zYuyU/W4Izn29pwzh7G0Lc1a7z3yWGJrmPfzxnRiw Nn3SXUxAcodvk2ndDdJwsUQrhKvxWTiE9bPMCEOjPULWRd0/mF1Ah2cJiPrZ1S1WG8GQ 8VJhtJ3liVROLH2G1AjZ6Kd9GZCUhlYr3LnHyS3Yr4VBK+SkMUPjC2NVWLLgi8zohLz2 a2+/6kAqF7l1dVRxnPmO7gmmx8i/Q61P4a9aTz135MSpLZvSxGLH8m/aNEoK4kCioDVt nDs0EijQH0SDnoSG/bSUEB1hXGcfxU5yeDlm6XsmB5EYifZB0lmJOqOZzZ+L+oLoSZPT 0bFg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zffxw8yv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-aac0e7f1175si581972966b.144.2024.12.23.06.48.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:01 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zffxw8yv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 33F8280704; Mon, 23 Dec 2024 15:48:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Zffxw8yv"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E8BAD80704; Mon, 23 Dec 2024 15:47:58 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf33.google.com (mail-qv1-xf33.google.com [IPv6:2607:f8b0:4864:20::f33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 029DD80740 for ; Mon, 23 Dec 2024 15:47:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-6d88cb85987so35367936d6.1 for ; Mon, 23 Dec 2024 06:47:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965273; x=1735570073; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vHTdZDoQHi0DGV+vWci9khHooRAXICaEiFLFbPsBXW0=; b=Zffxw8yvojyN4pD211sFUmKkLk7uawq1WtJeHgzUIigE8gOTtr4KoqtPIWSHfvdBPU 7s/COeteWNyLvW3w+xoN5vj4AI1FEqrv07SSqDlVQyItkujz11jU7Bmz8wLF0P6cky/X tMJDg/oZUgTRfalcFz/owQ1A39b3rBndC07uH8S0mGbymbo8RHbOWWcWWhda2G0JCvYo qDHfjfFL2ED3tcM7npH6PMOmfhbn2UYaRr9Cug+h24j8NUnU2geZygnO/svxdnh3fT27 fUyhe/jkRe/1ETiXl8yPFkF1nhLXcAybU5os14YhmT+X8PdLboHFeM54QgBQtxyChDA9 TAug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965273; x=1735570073; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vHTdZDoQHi0DGV+vWci9khHooRAXICaEiFLFbPsBXW0=; b=cPeLrRcfBH34CVoIOcCeg3Gc8I+i5mJEuV6GFnfH7mfLfszaorTADurUozxmNX8+J3 JVFARTT/WiG+6pI6eja+GSTy3W2EmQueNyk5bzlRN0q8G1xIx8LDIrI2830JYRx5Qrqo JFMRQTTLnm/bYrR6wk7jB6E7WIJRltCpJmw8jdkMBS/baKU85GVhEuMGZtR60fYDld55 a7VuVBcojHiVX7/HxIh4ERTATGjhdwQELjQoaYoGXQyCIMAtuGXtZhnQ1dsJn1HfUFCi EFEPTlNKnhPeDQvQ8hXmOc1Ss6g8q/pFBb2D3NxXCuiFNcKd8ZCwTC58k/R6nrndsH2E 2nsQ== X-Gm-Message-State: AOJu0YyEGK+NBlUxcasquw/EiuQhQdryWZ+57b2zGXwD4pXSn4OEFXdL yL7ZWlPPePvWsWTLPr4BTBXFMoBZV4zJYGDRZvCrSt6KQboHFtIM9QN7kv5xS5sSOMFiw9T5fzR 8 X-Gm-Gg: ASbGncsiOw/McP130YmVSY9cZxw15d+orF/x3DpVWQn242vTj5fy25ghqcUcAtwUKo7 TNZrvVZxoO77u9WVENPHOrBqRKsHZoSIZ0EEYbIMDkznr7JrAsNBi9Rej2wGkCwT9t2vbY2OM5P G3MlbCu0tsQFUlMzCRbW/kC8tTwdCXLTjk+EdfypiW367UDDk9muxdCu0uG8IUiv9ZnOLcbjU/c fmhzEkxkE8SHtPdE62VCp1fZImQoWBzzwix2dvLttbh35zWZodOXijBLRlu4ECwoR/+Fh7NRMuJ Pb7xwxdEKXG4+KPCPykcVTB2YZzCWwHrylxvTxjqndqWdfN/jVR/vEo= X-Received: by 2002:a05:6214:d6c:b0:6d9:429:ab4b with SMTP id 6a1803df08f44-6dd15499041mr246770786d6.0.1734965273517; Mon, 23 Dec 2024 06:47:53 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.47.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:47:53 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Simon Glass , Tim Harvey , Masahisa Kojima Subject: [PATCH 01/11] efi_loader: Don't warn if the TCG2 FinalEvents table is not installed Date: Mon, 23 Dec 2024 06:47:23 -0800 Message-Id: <20241223144737.554992-2-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas When the TCG2 protocol installation fails, we are trying to remove all the objects we created in tcg2_uninit(). However, there are cases when this function runs before the config table was installed. So instead of printing an error unconditionally check against EFI_NOT_FOUND and don't print anything if the table wasn't installed to begin with. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- lib/efi_loader/efi_tcg2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 572c6b5bf6..a15c73162e 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -791,7 +791,7 @@ static void tcg2_uninit(void) efi_status_t ret; ret = efi_install_configuration_table(&efi_guid_final_events, NULL); - if (ret != EFI_SUCCESS) + if (ret != EFI_SUCCESS && ret != EFI_NOT_FOUND) log_err("Failed to delete final events config table\n"); efi_free_pool(event_log.buffer); From patchwork Mon Dec 23 14:47:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853066 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432320wrq; Mon, 23 Dec 2024 06:48:10 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXEhNWG40MnjZyaX4qYILGa/sUrCuyKgGw7i7J+9lVUB6dWIG6qOgTi9aMyT+V6NugA/ibVoQ==@linaro.org X-Google-Smtp-Source: AGHT+IFyjsI894Doagi18Hr7+LeZwBKOLGJmwNbdxUWAJy2neO2mejO3LeoGVXsD6Tpk4NzI3g3I X-Received: by 2002:a05:6402:358f:b0:5d3:e63c:7d71 with SMTP id 4fb4d7f45d1cf-5d81dd90636mr10810243a12.11.1734965290086; Mon, 23 Dec 2024 06:48:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965290; cv=none; d=google.com; s=arc-20240605; b=akByC2F6oNX33woQXtw7yIbdjQlfTBEgnh+di+oUF2+d7tvABVoTXyLsqr+cyCnySv 9oMg4NcUeXQboMsEu4lYG4grLXH/aPn/s1KKYgZp1u0XrhwR0C3Y2jJg/5Rym+U4tLEo AVaCvVSvR11FjxJzIwOUUo5G687Gt1fmOMPAlahxLaHSJOcU/FPiGCzk2D4iM+PvU48O eMDfu1gfyl7Q/U1ixWUCaqxokrvJHfBZS8DHEUCrg8atd6lyb5LxLzG5qW+NSp9zuMnH W6PZ8acwR+YtT8Ej+rHtUFX71TYPsSNfcbCPWFyDl3o/HgYk57d//azxhtXVSki1yAd5 iPbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+ws668TMTDz964Zlj4dYkLtGKdxvu+tpxcZhOqiDXJk=; fh=GxVV1jPPRLga+oPsj1uHhvLGyASOoboRHaEc9n8kBQg=; b=Z2niCx6UcCwZbMIjs56AlyNBoqns3Zmfl23Uu50/dXcDX97RxF/NQAklGLc+33Hlq3 TJWQwOcC5XJ4WEbUr49ZY0st/F0YlamJz8DUi6eIgK2s9zk2La5372jgeoqyKJawnlkH LWLqKHmx2FyCBbGME/+HBZ3y0xQORCZBwJ2TYQlxWajiSknOF++9ehxG3OxJrmwLD47x 2CBXNEEmVI9yD4dmUkN14McoGRM/0IRXfkJy/ZuDdq9CAY/uqPboonhgNM7LyPbiFaaY K5u4NUg7vPsA42azCKILK1LtuaDcdzpOXt6H4/YKFgNRBmcEf4hYyZEMXptY9P7iiUt4 /9DQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXlnAubS; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5d8070310b8si5947386a12.556.2024.12.23.06.48.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:10 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXlnAubS; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8113680761; Mon, 23 Dec 2024 15:48:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="GXlnAubS"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 6A40280758; Mon, 23 Dec 2024 15:48:05 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 35CEA806D4 for ; Mon, 23 Dec 2024 15:48:03 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf36.google.com with SMTP id 6a1803df08f44-6dd43aa1558so6420576d6.0 for ; Mon, 23 Dec 2024 06:48:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965281; x=1735570081; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+ws668TMTDz964Zlj4dYkLtGKdxvu+tpxcZhOqiDXJk=; b=GXlnAubS1PZMx2UR8LCxdAki1V5dGYiG9TiiSPuF42t1nXjZSixsGHS2kYqxS1i7ts Ewo+yhPGBfecQCqM8EYBPi6oVrGD5Nk6BQgtTrN14MCm1mwFRNJ3tthxwoeqftvx3/9D GMJ1+altXtdA9Q0pTC9Qrh7VIRdaMhXJbg1bRlQGAGt7r99K07XsH7kbHt6fWXIJbf4N PvE6W1Tb9L6nwqu/hJGtn9g+Sg5GRc3x+/0PnM7f14AEyRVhXMx2WYgJd2oD3qi0vfVW 4Zd8fjmwdIln+skCkZa9SagoxCGpiPgre5JVNfNW68huLEn6QjWe7vWH4khaTfdoLN/x vXwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965281; x=1735570081; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+ws668TMTDz964Zlj4dYkLtGKdxvu+tpxcZhOqiDXJk=; b=MyyqamqL1KIfPg/RC4tO4EziNV0nzW0ttnRbTL98ks5GcVR9E1iGPH2oqqvt3HnbUk r/Men0g6XauqvtEqVN5c0k1BVtrtICN3HNBk3T39b0P3n2USQAvBaTRyLzGAzL3iX4pf rxvXAUCBSji+orDkm0rnQKt7yMO4m34tWRzGzgyxgY+Bo1i+v+/zdIU8Lc9e1KcYy46a VQXp/Lm7yiXOkkdEujbdJIoLFMrgbP0BC7cGU4amVvdNcYU5mtPA+C35sHVqBqRs3BmV AKUVNeFHVK4DYi2mBq3QDSf4isxPb+OC8slPz9ji5aG2JkEnkwmjTJu8FtjKuIrqtLmL ap9w== X-Gm-Message-State: AOJu0Ywg5Og/TXH534hjnOTFfWop9Mdx1KoS4sYFfKYTOro6Dgp+s46B gaQ8O4RPmbBBwoXEOk+K1Cwx50rdeQQ8ImsbMKCNzv+vcE9ufIMSTa21T7Ky6NcOzQnarft4dI1 6 X-Gm-Gg: ASbGnctDsfBKIM/LCyBZhesoi/Er+XHK/s2wfcbnM/ac0AV/jfQwARdKpCIJQiU3ois iUYKP8PX7sSujYje/T/hSnquHnK1l71H9pGWGj7P9On/ihWzzYnlgI/Q3pMd3iGOaSii7lx40X7 LDd0iETAmENFsFrNxKOAaKOV3LhSVAGY/MChnmxR1MbAOdxeGBBZBTrrV4faD7nB8htKM27UG+v iAsd4zGT7IDgRQ0c73VReExDcKI+RVef9iD+N54BQr2BgxJEPaABW55KJ61Zwgg5jF7eEuG+FmN 2flX+89lyUFauDoIaeNyj50jrg1sAQmMTGMd57NOsQvWzthOw4gmCkA= X-Received: by 2002:ad4:5b83:0:b0:6d8:8256:41d4 with SMTP id 6a1803df08f44-6dd233320fcmr204904346d6.19.1734965281693; Mon, 23 Dec 2024 06:48:01 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:01 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Simon Glass , Tim Harvey , Masahisa Kojima Subject: [PATCH 02/11] tpm: Rename tpm2_is_active_pcr() Date: Mon, 23 Dec 2024 06:47:24 -0800 Message-Id: <20241223144737.554992-3-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas This function is checking for active PCR banks, so rename it to something that's easier to read and closer to what the function does. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- include/tpm-v2.h | 6 +++--- lib/tpm-v2.c | 4 ++-- lib/tpm_tcg2.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 4fd19c52fd..8c43f4fd9b 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -740,12 +740,12 @@ u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo); bool tpm2_allow_extend(struct udevice *dev); /** - * tpm2_is_active_pcr() - check the pcr_select. If at least one of the PCRs - * supports the algorithm add it on the active ones + * tpm2_is_active_bank() - check the pcr_select. If at least one of the PCRs + * supports the algorithm add it on the active ones * * @selection: PCR selection structure * Return: True if the algorithm is active */ -bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection); +bool tpm2_is_active_bank(struct tpms_pcr_selection *selection); #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index ad2b5ab0c3..cb636414de 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -847,7 +847,7 @@ u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, return 0; } -bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) +bool tpm2_is_active_bank(struct tpms_pcr_selection *selection) { int i; @@ -907,7 +907,7 @@ bool tpm2_allow_extend(struct udevice *dev) return false; for (i = 0; i < pcrs.count; i++) { - if (tpm2_is_active_pcr(&pcrs.selection[i]) && + if (tpm2_is_active_bank(&pcrs.selection[i]) && !tpm2_algorithm_to_len(pcrs.selection[i].hash)) return false; } diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index acaf0acb88..dc5a0644fd 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -44,7 +44,7 @@ int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, if (hash_mask) { *supported_pcr |= hash_mask; - if (tpm2_is_active_pcr(&pcrs.selection[i])) + if (tpm2_is_active_bank(&pcrs.selection[i])) *active_pcr |= hash_mask; } else { printf("%s: unknown algorithm %x\n", __func__, From patchwork Mon Dec 23 14:47:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853067 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432382wrq; Mon, 23 Dec 2024 06:48:18 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWyR3E8bjxMnlX6f8+f5znhrqOdgOY+CErG6VjB5iqMy+BdFOhHMvGjohMZ7KzkAUxf4B2ikQ==@linaro.org X-Google-Smtp-Source: AGHT+IFsa1ffI+DO1GtQ1EhXtf8ZWBFLLZu2+Mn83E18TxGHVsfSEYi5br4mUKZUdEUwoqF5mJdZ X-Received: by 2002:a17:907:d0c:b0:aab:c78c:a7ed with SMTP id a640c23a62f3a-aac33661a71mr1151882066b.49.1734965298630; Mon, 23 Dec 2024 06:48:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965298; cv=none; d=google.com; s=arc-20240605; b=WPF9H7fnJTsdWOme5C6xHPl9LnXB0O9lf/z2ImDwifSHvtyIjrA5zb6t71hPwK8w7s t+KTGmoK7i3aBLI09bjIk8ritHFiOEo9aRQgtdmXkAvVy5dVSqXlwaV/bN3zr0oJvAej xeEER20zkqXqHss1o44wpewQJ+pGKEaroY5xHGZGsQ1jpr/56Ip5Ls8Qva0iV+62izVu 9PTb6AgV9U4pNGwUJyU4ONMROSGKmPXDwhT86kKdR5pNQtf9Yno0HidS7VSUUl+f6ljE xPU61p8VywFkmJdzrRHabe/vqqTl3ZVp36QWiw8Hjii44HJ9w4XdADIpUrTKCcKwDmIT DCnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=5sjv0G7m7DKrqwz/Yw3WQTPDxOB+R90hxSTRlMzp80A=; fh=MXFne/3XAK7RUtsOf/Btx/lXhXwtjQKdDpJclDZA50k=; b=VyLt3wkHfEDJRrq1tneKaYqHdhZnP+SYgh8Vqpjs1uHpr3YyagmyqdPvZpw9v63L9+ 6drNSTKOzzLiwSj1CY7sQ/CGvVlyc+P1Y3dH6v0llTUH6ERjGDXDTnSfely5B1FzfXUA s1W7UDUFMRnAKlAETsZDhL9j3x9GfMslUcdMHHCD3XSMxnFY8UcAqN0D3AxEKFb06W2M TdSl83Ta1urvQ3/YciyyOjgytXfHdAZJtkNOAmxRV6ApD0yGr2c5FTd1mZhoGCEvf3om Ame9x93utNH0QOfySN+KQhHt3kCjC9dgkNnaAl2eDi1g8iKAJJ/g8qU57mZH1dcgYUlC EdUg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=TDDgTL09; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-aac0e7f5635si576468466b.40.2024.12.23.06.48.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:18 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=TDDgTL09; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DD67C80711; Mon, 23 Dec 2024 15:48:12 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="TDDgTL09"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A796F806D4; Mon, 23 Dec 2024 15:48:12 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 75D958073F for ; Mon, 23 Dec 2024 15:48:10 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-7b6e4d38185so345522485a.0 for ; Mon, 23 Dec 2024 06:48:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965289; x=1735570089; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5sjv0G7m7DKrqwz/Yw3WQTPDxOB+R90hxSTRlMzp80A=; b=TDDgTL09IA3pNSu58092CABh+Wie4YOiU6QqVZg6UDQim/zDkc+bMJMhyQf0OzgkJc vRQ0q2T+oZKJfyPZrVLUK96MpOneT5Uu3tMdCbykW02I/WNJnkZLeqVIaXWkYzwPxrsU U+afuZQH9FYCJ4+qtj5PyQwd843W30tQMULn3GPEAu95lACQXlciLqBOgo2gdBJrDonF INURFMKtf7snTXpRTKw6x+sf1bQY/WwmR/wFtNRZTpHJGMq3ABTndpY72CMnQC0lwujP AeYnWePmVyqKAPOyWfeA1pbq9SkHeOLT3BIQUij4lTXoZgIbMaB43wJ1XuojmxZ74Ca/ VP7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965289; x=1735570089; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5sjv0G7m7DKrqwz/Yw3WQTPDxOB+R90hxSTRlMzp80A=; b=VahJROYB/HF2B/jb9Dmnfe27NghdmvOY1vzU7Nd5/MBp0ZYztvCA5tRcVKdL5TrBs+ HibXEbtVVAbkStZysNBorlkwqWrQK4XBy8KtH/tlWmTef4OdjoHNCAwEppsP12sDsGip G4/m94cD7AmB/rcM09OnPp4PNEHrpK2cM9HL302hdDefPXvazP2MglnljyZF2namKUzN h30o3ClP8hNpxs2908t8we4kMfUkOIS8TuBcmhMxFrhKlLwLaGgV+5Nb1nIFGnNTWX08 tkD94+M052lXLNsYxu+grCnnQKzzwcC3IDmevLMiCbSUwRxyUzWvHqntAAv5oh0MWlO9 pnMw== X-Gm-Message-State: AOJu0Yz4M2ilngZY6FosYKXa5H4syTI+DzP1s2avWbOuiyltiYVdSE1w FE/lEFh1VPh4Pp8nvHycQ/AYOcdofwLeT1gv47SSB5P4m5b+vpX+zMfjo2T7hd/Im84KMqtQlPK W X-Gm-Gg: ASbGnctyVEgPVTmKMaJK/tlswckmBAd6U2Sz7PcnIArICpD3rwAAXwX6Ff6M3Ikpuhl +9lvtsFWa5o9zLJ5uypd5oTnSmHUOGw9tr3pdHmMtltgjBymy1Mum+M3fVkq/wV5Pfyv6iVCf2+ JmazMElHSVcDT9k+ez1FLLZGm6P/jty0Vrc8zvN1CArZyjTD+pMATqHKpEIT4NeUfeda/ybCjLA 9gi9gXAhU/FdnUWiRyImm5/qT345iVsUQvUDOBibjbsWjYMoZVeQlMB3QOO19+Z/r7GP8QUeHU2 JMBplVXnyoRrU2/Ci+fuYCYCqo8lCNWJ+YnEvJEgLcFyQVuqQhnO0/I= X-Received: by 2002:a05:6214:dac:b0:6d8:9124:8799 with SMTP id 6a1803df08f44-6dd2331f006mr244819506d6.5.1734965289187; Mon, 23 Dec 2024 06:48:09 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:08 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Simon Glass , Tim Harvey , Eddie James , Masahisa Kojima Subject: [PATCH 03/11] tpm: Rename tpm2_allow_extend() Date: Mon, 23 Dec 2024 06:47:25 -0800 Message-Id: <20241223144737.554992-4-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas When that function was introduced we were only using it to check if extending a PCR was allowed, so the name made sense. A few patches ago we used that function to reason about the EventLog creation and general usage of PCRs , so let's rename it to something more generic that makes more sense in all contexts. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- include/tpm-v2.h | 5 +++-- lib/tpm-v2.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 8c43f4fd9b..87b2c614ad 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -732,12 +732,13 @@ u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo); */ /** - * tpm2_allow_extend() - Check if extending PCRs is allowed and safe + * tpm2_check_active_banks() - Check if the active PCR banks are supported by + * our configuration * * @dev: TPM device * Return: true if allowed */ -bool tpm2_allow_extend(struct udevice *dev); +bool tpm2_check_active_banks(struct udevice *dev); /** * tpm2_is_active_bank() - check the pcr_select. If at least one of the PCRs diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index cb636414de..0edb0aa90c 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -197,7 +197,7 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, if (!digest) return -EINVAL; - if (!tpm2_allow_extend(dev)) { + if (!tpm2_check_active_banks(dev)) { log_err("Cannot extend PCRs if all the TPM enabled algorithms are not supported\n"); return -EINVAL; } @@ -896,7 +896,7 @@ u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo) return 0; } -bool tpm2_allow_extend(struct udevice *dev) +bool tpm2_check_active_banks(struct udevice *dev) { struct tpml_pcr_selection pcrs; size_t i; From patchwork Mon Dec 23 14:47:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853068 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432618wrq; Mon, 23 Dec 2024 06:48:45 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXBSq/Xn4When11xBVLiAcOXFYlJZBXQ9Gcql8sZdALTxE0beIyOp0v6uO9HwA9J9xcCUiZMQ==@linaro.org X-Google-Smtp-Source: AGHT+IEymGiZF2f/6JvIZIKaY3EIh3dUuNN/2JCkifJ2rdIKKN2TMXH0INVaefMZ119yrzTzcgF2 X-Received: by 2002:a05:6402:524d:b0:5d2:723c:a57e with SMTP id 4fb4d7f45d1cf-5d81ddacfeemr12359186a12.16.1734965325124; Mon, 23 Dec 2024 06:48:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965325; cv=none; d=google.com; s=arc-20240605; b=aZ1f29wrkEVzGCdFDhPn5AqiMPaLOozVP5B3E6Yp2ccookufyp5C8Y7kPbvtkexu1z kDw0pTpLZ43R0mxC6sZd0Hf0112pFqRLCXuB/snK54pfVs/c33n6Gaa00tLl2Ta6NP9V WmngX3m1JskhborXwgCDb9NXa07tmlrVDeXuazb1AS+A2kd8pt639L/Tr2igKDWbljFB WRkLBT1z8IdZVU/t6vT8RSl4yMgsqRMJJTRaiTbOrwpZzJ99gnMii+yMZjk71gS7uaHo j6e5ckOWR1nM/xaNGQTawM0KSVV1vtmNHYI3MSzYiMs6zIiQBlwTl2soGBQcbB1dUnrp 5JKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KkbLeLofMh2KBTZutmjFrgnp+wAuGYWaa2Tc92zGGX0=; fh=JwI1T3Njxx0vlNnAg5N5jQGYex21sQ2C4f5jT2UIKcY=; b=cpRTgas3nOxuXZ76L5ApeykonU/cVhAuNqo4CeCxtBn6TXwS2v9ybNPCy2sYjeOrmA wfMfpQTueWJ6GEN17TwZOuJwXqSqdHXYqHtrvjy104VUS0zsMqSigwT7bp/zMwRz+miX d8Ctr6q2/3In5pdo2jQQgGFsFdmI5yLs3uqk2dezIwzzACSOHH3odqMQx2ibsyM8U37L QWWq7LdpYn8uNNdPhtsDTqRhK+eopjPp+fv4zu9NbY+IVSR6bcHlb4x4+A9pEfaIabDF Oy56oDwzvu/kp5EivQmL4iRahAH3no4vWa/FksHPC3bbotLUYi/71pAgcZlcE38lh3F3 qpxg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oYxkn78q; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5d807056456si5779185a12.627.2024.12.23.06.48.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:45 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oYxkn78q; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0255E806FC; Mon, 23 Dec 2024 15:48:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="oYxkn78q"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 35366806FC; Mon, 23 Dec 2024 15:48:36 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 34FA6806D4 for ; Mon, 23 Dec 2024 15:48:32 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-4679fc9b5f1so33024481cf.1 for ; Mon, 23 Dec 2024 06:48:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965311; x=1735570111; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KkbLeLofMh2KBTZutmjFrgnp+wAuGYWaa2Tc92zGGX0=; b=oYxkn78q4tfnPDP6q+CKtQ0wPenThVnJcIbdZDNcTCwUDbmQCfQ06Lx1pOWYxMRXxb 6oF1v8ZOVzbBjb0tuc9fGw32adrbxw8tdW0CALTSrwySKclLb0G6qlUr0VQ9bI/4j9si lXvhq8NSluO69NvML2VQMthXTf2GmCnv/QptOvQaQbAJ6LxpalPvSMGYqIjBq4lmh4UH A/+FfLSADVAjy2gK3GaYaEuLH9/1HdjJuLZskfbSrwvAAyuPWWTJm59VxxjiZsAOQwE9 hwXBG5/2I4O6+QitRjT0BVY8rGbz6g/6up+4mqjRn+uI7bBwY5602AogPUeeUbxjYYem VULQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965311; x=1735570111; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KkbLeLofMh2KBTZutmjFrgnp+wAuGYWaa2Tc92zGGX0=; b=jIYp3Mlb/a+D2FFWBb7AZcNNZpEjvhhC7WZ00IAyVDuEqzQRsra8McAZfpQyKVZ8DO kUlRiMT9RxKshhw4E22Kwj1W+Wj+Pbl6hf2Srv+k6hoN7Iadk7mTtMgccFkxbWPCoT0i 674T13wCIwTgoOqFJGXMJuGkF0qarC6iWAaDPED5sVVo/YZwi4gn9IopCbh/w6692I4d tK/2D/1Ih6hfdo+oyPX9aq+vU221NZqAVw5zHvMhMsLXRSOR6DQ12yZijeN8qgbFdjOn /Cj4ld15yvgG4Wft4oS6v2sveEM9nPgETI2mUsmXiwP3w/77Z1fnmmjqh3zcmOGCUccW FCMw== X-Gm-Message-State: AOJu0YxNWiYqXfRezp/slbeq/uf1ImPL0Ydc7rogdjPlUUQh8EK6jcDL 7vWgBAAV6kpHPMpY0L7pbPIIVr0mmwdYtiEGN5OSj7v7zatkANORrwJf3Grq405KhmvwlCouT79 p X-Gm-Gg: ASbGncvPwfYvA8MQRTAqcGNewo++u7VSymOl3tzwdPIIr7dzl2sZ9lY/cw6VsBQxV6w XoIauKMdo7ldRhPSBvG8NU70TOo0uD2wykDRl2Tw2ytl6W9zNoxdCdjhg5Ltc+3u8rj+uHYAtfo DdR4bYxj1ESs0colu+M6eqLr3VD0mW9TsHbcHTaoHQFhKwTobFJW5tDO7RPyUHWtDZVMZoftvYD JgtG2W+SdelFiOiZxN5Q69+mtEeTQuc4hDwVUoRpqqPtz9y4XSOVZicSeM+47v7yT+E8ls+PSN8 SG6VFq3PXEjSvjWdCoJ5DCWt0+z0H5RGH7LxNsFZdMueVtNdZiwmKyA= X-Received: by 2002:a05:622a:14c:b0:466:8616:2553 with SMTP id d75a77b69052e-46a4a9a3503mr222692571cf.48.1734965310861; Mon, 23 Dec 2024 06:48:30 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:30 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Tim Harvey , Simon Glass , Eddie James , Masahisa Kojima Subject: [PATCH 06/11] tpm: Don't create an EventLog if algorithms are misconfigured Date: Mon, 23 Dec 2024 06:47:28 -0800 Message-Id: <20241223144737.554992-7-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas We already check the active banks vs what U-Boot was compiled with when trying to extend a PCR and we refuse to do so if the TPM active ones don't match the ones U-Boot supports. Do the same thing for the EventLog creation since extending will fail anyway and print a message so the user can figure out the missing algorithms. Signed-off-by: Ilias Apalodimas Co-developed-by: Raymond Mao Signed-off-by: Raymond Mao --- include/tpm-v2.h | 7 +++++++ lib/tpm-v2.c | 23 +++++++++++++++++++++++ lib/tpm_tcg2.c | 27 ++++++++++++++++++++++++++- 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/include/tpm-v2.h b/include/tpm-v2.h index c49eadda26..6b3f2175b7 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -770,4 +770,11 @@ bool tpm2_check_active_banks(struct udevice *dev); */ bool tpm2_is_active_bank(struct tpms_pcr_selection *selection); +/** + * tpm2_print_active_banks() - Print the active TPM PCRs + * + * @dev: TPM device + */ +void tpm2_print_active_banks(struct udevice *dev); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 96c164f2a5..bac6fd9101 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -926,3 +926,26 @@ bool tpm2_check_active_banks(struct udevice *dev) return true; } + +void tpm2_print_active_banks(struct udevice *dev) +{ + struct tpml_pcr_selection pcrs; + size_t i; + int rc; + + rc = tpm2_get_pcr_info(dev, &pcrs); + if (rc) { + log_err("Can't retrieve active PCRs\n"); + return; + } + + for (i = 0; i < pcrs.count; i++) { + if (tpm2_is_active_bank(&pcrs.selection[i])) { + const char *str; + + str = tpm2_algorithm_name(pcrs.selection[i].hash); + if (str) + log_info("%s\n", str); + } + } +} diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 4682f7664f..7ecd53106f 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -568,11 +568,36 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, bool ignore_existing_log) { struct tcg2_event_log log; - int rc; + int rc, i; elog->log_position = 0; elog->found = false; + /* + * Make sure U-Boot is compiled with all the active PCRs + * since we are about to create an EventLog and we won't + * measure anything if the PCR banks don't match + */ + if (!tpm2_check_active_banks(dev)) { + log_err("Cannot create EventLog\n"); + log_err("Mismatch between U-Boot and TPM hash algos\n"); + log_info("TPM:\n"); + tpm2_print_active_banks(dev); + log_info("U-Boot:\n"); + for (i = 0; i < ARRAY_SIZE(hash_algo_list); i++) { + const struct digest_info *algo = &hash_algo_list[i]; + const char *str; + + if (!algo->supported) + continue; + + str = tpm2_algorithm_name(algo->hash_alg); + if (str) + log_info("%s\n", str); + } + return -EINVAL; + } + rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); if (!rc) { log.log_position = 0; From patchwork Mon Dec 23 14:47:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853069 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432708wrq; Mon, 23 Dec 2024 06:48:54 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVB/kWr5g3dVAeWs3MdWLg+XrApHRMUeqHCj6rt2jXGy/bAeuHiIU9Gzzm68aS4LuEBvUf/5w==@linaro.org X-Google-Smtp-Source: AGHT+IE+gXA4QOE8R0OdraKcQ9HJml0+tOzIZPxqO8Lak31P2vaukscxr/8rdHfQ7eKEzKWBcJIY X-Received: by 2002:a17:906:b102:b0:aa6:9d09:b17b with SMTP id a640c23a62f3a-aac0826ed0dmr1429661566b.28.1734965334079; Mon, 23 Dec 2024 06:48:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965334; cv=none; d=google.com; s=arc-20240605; b=ZVqymgeARqWCwnVd4yc18jCawMFNqO3EGX4AbZOhIA9QR2R+L9o5etwwjUFOZy8hMt ycJ1vXuF1WgTzUKa1Dso8tXw+nATXTPYBegRRu2YDhwk5RBh2/Vohjc3JM2mMSPwjSVu WOoVGWLovJSqU4pDu9du7oiJ1qaxQsTyT+ahu4721yFKhGvRYDRyG1V7MVdasztC4OUq Fb7tK2YtO5aypzZt+5sdRP66sh0y2445GfUUEVEesQ2KoWpTvhod78MILHBg4BdkDdFN EOIzW0iHe8A5q22HLD/lXXO1TTNkp7ohvkB7VxMfwGm7Ylho7n+MVI+T3sK3ZdA81iIt ecMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ftR5lbR05gDbybhzxCixIlns72k8JxQ3zUrMUfVWPy8=; fh=JwI1T3Njxx0vlNnAg5N5jQGYex21sQ2C4f5jT2UIKcY=; b=J3pKJuLzcXbxNlnrYU3FDxYsKmDaBICiH5vPes9uv9Huy9QOfhGas0Ek05MH5wSOdH hAh+hbGMUQ3mdM6eTbjuOMODDb0EF3N1Hb61d6N+fMl+1SuAAmn/CDab0LRrRlv4Zs6V S9zSn8gx/kWDBFz0rmhISQWfqNrAYseWdF/GTqafT2A0k01FjnA/xgtiFqw5bmZoDucn x2y0q2Vn84RAL4DMFjc0yaNAKPGX8iSYBuW440jTiGn0Kw3x81TR7wReuIvOWNnBDlAI JMNu9O7N6jjZnq3qDvslZDPZfCrn7a5QESsakvRhuhBiZSUvAgA8WBC/my3um+4ds2Co HWxw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mGqVU7sg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-aae9b9c687esi312575466b.429.2024.12.23.06.48.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:54 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mGqVU7sg; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 568DA80711; Mon, 23 Dec 2024 15:48:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="mGqVU7sg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 67B1D8074B; Mon, 23 Dec 2024 15:48:43 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf29.google.com (mail-qv1-xf29.google.com [IPv6:2607:f8b0:4864:20::f29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2791B80771 for ; Mon, 23 Dec 2024 15:48:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf29.google.com with SMTP id 6a1803df08f44-6dcf63155b0so20119806d6.1 for ; Mon, 23 Dec 2024 06:48:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965318; x=1735570118; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ftR5lbR05gDbybhzxCixIlns72k8JxQ3zUrMUfVWPy8=; b=mGqVU7sg5WOzOAk2NGPyOqm8dnZCQ8Jz/Cn+FOlWfOED83ZyNJkWT6e9883Pn+IflV ZdnZIy4/xDKE0zM9hP0JIyU2eSBwTZRxC9v+tE19ex8LBcbhqsff16rhMfP3eWMqi+cO Oo3/gQEUanc8CZZb205EVMyRFFhOFGlCL/yQS05Qf9a39OQWNT4QJ6wmYHj3gEG8LKCp oN6ALfG5nkRha+pjeOtopWGJsmuU8F5wGpx5xRgp5Z+bjNbVY9BgsH+39gFu1++e4c2L X/BiEcplqE7bjehUtH6RP2wXZZzjkZwVnMAG96TOFswZllio68EXrKf5KL1Fj2jrwMQc 4Crg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965318; x=1735570118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ftR5lbR05gDbybhzxCixIlns72k8JxQ3zUrMUfVWPy8=; b=OymhZldTqmwetpMIQVA83bqkE+D78HF09sM5tpNfsJ8UR9NEFC37ZDSuSR73RZv8bl GI/DOVdLH6F542L55a+cBnmOkIVsqp/0lObsOMh2HntZKpTWssZ1maYdIRlhnGwUsNda u3SVY6tPsdFaWCr4rNUrD6t3r7ychiwC1I7ITki6JptdxL0UyMWoXMrIna23p8nmCbJp 0apE6uvz6X+JMPwtRo+EGnzJPM/cYTnpsmZIAPRANwjluS4+yCyLkAG1yzDuRHtg1Pml kW61bClYnLYY602C01dID+v+qZYbMFEKLKccfsJKd7Bj/sWpnwd3iig3uEEdf16VFFPE vDnA== X-Gm-Message-State: AOJu0YwDUwWiZBFktLZTtiMn/lVv+P2V9zlcPMiHbENJ7wos/pyZrHcp kT9j4MKI17loBatjYxK2fil4mKo1Ymr/MZIbHrptQomG4HYXYx2vx+G/xLBU3D8mp/xVH0Kk680 T X-Gm-Gg: ASbGnctZ/DFWvfnWQOiC3KhQwq4ZjYFg5TF1RzKhghOY7t6DgVxYx+niSE2ZAPk42Wn Ts5cjHtCZHxrlQApk1D5FCTn6aCmRz2xhP/i88XDb/CG19EcXkTlYnWRr4j1htKXNDyg0hpRti4 N/KoDz7srhxi6FUXf9A1CxY8TmDCd8Vj0RqP/a1xws//f98pXkItTBb/xeIGKJaSvsR9MhmNYsc iVtzv5PLdu75DsOQBzAfWVvyuI5ZApSMUwnw+iYcp8lqtDATwjRSUnfje2hc0pmBfEDfQ/PJ9M8 QccX/bR8hv81hI5WeP6PqHaTXXyYw998OtIyyIi3BHv+n/cv0m/B3hM= X-Received: by 2002:a05:6214:2689:b0:6d8:8f14:2f5f with SMTP id 6a1803df08f44-6dd23349b0dmr251016096d6.23.1734965317850; Mon, 23 Dec 2024 06:48:37 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:37 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Tim Harvey , Simon Glass , Eddie James , Masahisa Kojima Subject: [PATCH 07/11] tpm: Keep the active PCRs in the chip private data Date: Mon, 23 Dec 2024 06:47:29 -0800 Message-Id: <20241223144737.554992-8-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas We have a lot of code trying to reason about the active TPM PCRs when creating an EventLog. Since changing the active banks can't be done on the fly and requires a TPM reset, let's store them in the chip private data instead. Upcoming patches will use this during the EventLog creation. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- include/tpm-common.h | 18 +++++++++++++++++- include/tpm-v2.h | 10 ---------- lib/tpm-v2.c | 27 +++++++++++++++++++++++++-- 3 files changed, 42 insertions(+), 13 deletions(-) diff --git a/include/tpm-common.h b/include/tpm-common.h index 1ba81386ce..fd33cba6ef 100644 --- a/include/tpm-common.h +++ b/include/tpm-common.h @@ -42,12 +42,22 @@ enum tpm_version { TPM_V2, }; +/* + * We deviate from this draft of the specification by increasing the value of + * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2 + * implementations that have enabled a larger than typical number of PCR + * banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included + * in a future revision of the specification. + */ +#define TPM2_NUM_PCR_BANKS 16 + /** * struct tpm_chip_priv - Information about a TPM, stored by the uclass * - * These values must be set up by the device's probe() method before + * Some of hese values must be set up by the device's probe() method before * communcation is attempted. If the device has an xfer() method, this is * not needed. There is no need to set up @buf. + * The active_banks is only valid for TPMv2 after the device is initialized. * * @version: TPM stack to be used * @duration_ms: Length of each duration type in milliseconds @@ -55,6 +65,8 @@ enum tpm_version { * @buf: Buffer used during the exchanges with the chip * @pcr_count: Number of PCR per bank * @pcr_select_min: Minimum size in bytes of the pcrSelect array + * @active_bank_count: Number of active PCR banks + * @active_banks: Array of active PCRs * @plat_hier_disabled: Platform hierarchy has been disabled (TPM is locked * down until next reboot) */ @@ -68,6 +80,10 @@ struct tpm_chip_priv { /* TPM v2 specific data */ uint pcr_count; uint pcr_select_min; +#if IS_ENABLED(CONFIG_TPM_V2) + u8 active_bank_count; + u32 active_banks[TPM2_NUM_PCR_BANKS]; +#endif bool plat_hier_disabled; }; diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 6b3f2175b7..6e9bc794f9 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -34,16 +34,6 @@ struct udevice; #define TPM2_HDR_LEN 10 -/* - * We deviate from this draft of the specification by increasing the value of - * TPM2_NUM_PCR_BANKS from 3 to 16 to ensure compatibility with TPM2 - * implementations that have enabled a larger than typical number of PCR - * banks. This larger value for TPM2_NUM_PCR_BANKS is expected to be included - * in a future revision of the specification. - */ -#define TPM2_NUM_PCR_BANKS 16 - -/* Definition of (UINT32) TPM2_CAP Constants */ #define TPM2_CAP_PCRS 0x00000005U #define TPM2_CAP_TPM_PROPERTIES 0x00000006U diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index bac6fd9101..bc750b7ca1 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -23,6 +23,27 @@ #include "tpm-utils.h" +static int tpm2_update_active_banks(struct udevice *dev) +{ + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); + struct tpml_pcr_selection pcrs; + int ret, i; + + ret = tpm2_get_pcr_info(dev, &pcrs); + if (ret) + return ret; + + priv->active_bank_count = 0; + for (i = 0; i < pcrs.count; i++) { + if (!tpm2_is_active_bank(&pcrs.selection[i])) + continue; + priv->active_banks[priv->active_bank_count] = pcrs.selection[i].hash; + priv->active_bank_count++; + } + + return 0; +} + u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode) { const u8 command_v2[12] = { @@ -41,7 +62,7 @@ u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode) if (ret && ret != TPM2_RC_INITIALIZE) return ret; - return 0; + return tpm2_update_active_banks(dev); } u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test) @@ -69,8 +90,10 @@ u32 tpm2_auto_start(struct udevice *dev) rc = tpm2_self_test(dev, TPMI_YES); } + if (rc) + return rc; - return rc; + return tpm2_update_active_banks(dev); } u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, From patchwork Mon Dec 23 14:47:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853070 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432770wrq; Mon, 23 Dec 2024 06:49:03 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXqIk/NsVi+peuXKSgy9KzV/ydHn1xuoCDsGPHcmCbul85/+mg4v0fRw3+OqqYa88ezR9Gl8w==@linaro.org X-Google-Smtp-Source: AGHT+IEhWKHGq5MExIxWxMmsNDu9xCMHKgTD7C5hZ+ZwP8Ex7Ttx2QZWTQizORYpO0+JINlzFRDd X-Received: by 2002:a05:6402:2805:b0:5d3:e45d:ba7c with SMTP id 4fb4d7f45d1cf-5d81de02043mr10189693a12.29.1734965343535; Mon, 23 Dec 2024 06:49:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965343; cv=none; d=google.com; s=arc-20240605; b=Aujed0yK8ZRR/3CRyo7GzbB/0PyzafJNG/lesugrh+i726SNpirMVT8yuvSdPuxxpt iZGYEAEksy1T4vqQTQy5Gpf1dZg94hmOYfKWgKbm+TfV3cc3KNuSrKs1TWH2kycLWzuj WErOewf+YcVuji/+RwHPlpDoC+VkrD/xd9EM2sF8CCiWlbjYKBnM1wRAcvLzNNgDSHcJ B0L03AMY56KkLDBOHOKuhIAiwg4FWfjVykdOjnx3ZjdK24vo3V8yD99yF9GKHexiJqIP yVXWU+yvpNgCKFXMg361kq49Q3Jhx0KznX3Inn+jYr1KbFRRMyr5MgCZ94kY8j3uKmBY W5AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=q+Hdz8dkLhHoH8ZELugDuge1uFhydeRq0MapwYRfScA=; fh=MXFne/3XAK7RUtsOf/Btx/lXhXwtjQKdDpJclDZA50k=; b=BEBsPdVFESRpxJxAg1ax3sl3ZoCd3AnKZhKFvKlRfhy2oIh4xryxM8INjraZA/zrBI Oqe932cYLB1jSs32Bl6pA62nn3V8dqSr+TNmXRbZcn8Dxg7yP7jMegFCJlhAfTJ+TlZc eQjSPOB6kQCrvY7DR9IcC3BeN7f6v91eesJdOjJeZwWAdqMD6Dq5Jlodtcx3x4bk3Yj6 9SKko9AtBvV8zhbCFHeQTdO1yssn/e2FrFKUb0RQL0byfAOL5yYEmONzZX4XoWyjU6I0 dQG78lm87ZuekDjuRJSKrZ8AfjLW0uMM+hSszRyAyM/iip2J7vDIp0fnC7CyiPwtO/U3 H59g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=cz9WydMA; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5d806fc867fsi5810082a12.209.2024.12.23.06.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:49:03 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=cz9WydMA; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id AA0F7807A7; Mon, 23 Dec 2024 15:48:49 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="cz9WydMA"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D6E7E806D4; Mon, 23 Dec 2024 15:48:47 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8D62B80771 for ; Mon, 23 Dec 2024 15:48:45 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf36.google.com with SMTP id 6a1803df08f44-6d8f99cb0d9so33594856d6.0 for ; Mon, 23 Dec 2024 06:48:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965324; x=1735570124; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=q+Hdz8dkLhHoH8ZELugDuge1uFhydeRq0MapwYRfScA=; b=cz9WydMAC9ync5nTcHPzYMaxYMnmDRkZBzHdGeSlkBqcBqrUL4JviI/T3loc6WvQ74 cZVF2PEmk5r3i5ds0tGlSP/q4ukKxNwUJf2SffywArW8mjSANptohhZL1DBsnJaPbWW3 AVz7wIe3YFNbO/5W1IkeMVe1WRSRhuopt1FoH0FzX7f57xRCDo+JM0xOITwd9NU6kVJU CELgOfL1aiQsf+oinXgXQYUWZ2xc6wSN/A3sBlvcS2y8/qEGB2FUfJcz0ZPJaXXdbuhj 7glSr0QFofMwu/NnbGqkqCW4ESJ7t8hIArPrZV3AaV7Wpm3eD/luXQ8ctyBYZKtArMkV fA6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965324; x=1735570124; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q+Hdz8dkLhHoH8ZELugDuge1uFhydeRq0MapwYRfScA=; b=ioWBwECviJU6jp1dbcNX+YwmP4nIwt7/gYYY8u4b0lv/580SLiTmiqi8mY6u1ihV2p 6C/x24SYODx/l151Y12BYCDcH7jS5iq/IlgAUB3B+/H4s0bm5pnNGFBe1UtTydsoPxMo g+CO2QMU+w8u11zKH8mKQEGSPmtbfPvgnZ0YyLXd7gQC+EpNL/CCnXW/F2isVDCyOk4Z zeFTGHp9gG7glBcZDgqwt2cgzSzmgAwmzxh6BaipHXpM2dyhQnqrpaFpEJEifNecibKK mcoY5XnLBQmv7p2S2TsTgpCOT8e5s8plCLC4VN2at6EU+NlGReZIOh/capQq6kvD0Olw U3Lw== X-Gm-Message-State: AOJu0YxgZnO98M0IKI6rkP7ZaETWXUO1UeIf1rII5wdZrb+m8NTe1LLB QjBBevR0/rk0b7dFXBhWLmybXSMyqCljoeDDTiosk0Tym+0dJiVi9BbNAmx6aytZjvlzTHy/w/s b X-Gm-Gg: ASbGnctOJNTzds2+ZW+2cEcP6ra+ItXuoTCYWOkt6+NuTl5aV3E1/E4mycItwD0dRe3 TFMrKF5W78KsrdGt4zEo7DRGCxiqjx2byIrq9gziUpTn+NNklyauBKuWMQ0Emj823D/VBSLOk41 mNHYreQWTrlAX099ar6uznprC/bzZLd+iDhEVTd/gU7clCFyTtRrbBtai1+JgoVnrvYsVhyzIrE v3WZngFwWc85/XzIDhFscwaYKAEKbhuDyWTJ1o30KUEvoLGk5SEHMqO9/rzgFC7pnUAqztvBI8D tSnfXCG7WQzl8SPd1uI8jDLlz+dLCjBnsy0nOsNhzDqhCrRvGOaB3z0= X-Received: by 2002:a05:6214:2b0e:b0:6d8:9677:fbe4 with SMTP id 6a1803df08f44-6dd2331f2f8mr253750366d6.9.1734965324264; Mon, 23 Dec 2024 06:48:44 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:43 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Simon Glass , Tim Harvey , Eddie James , Masahisa Kojima Subject: [PATCH 08/11] tpm: Simplify tcg2_create_digest() Date: Mon, 23 Dec 2024 06:47:30 -0800 Message-Id: <20241223144737.554992-9-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas A previous patch is storing the active PCR banks on the TPM private data. Instead of parsing them on the fly use the stored values. This allows us to simplify our checks during the log creation and parsing. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- lib/tpm_tcg2.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 7ecd53106f..9bdbe411e9 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -94,25 +94,18 @@ u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, struct tpml_digest_values *digest_list) { + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); u8 final[sizeof(union tpmu_ha)]; sha256_context ctx_256; sha512_context ctx_512; sha1_context ctx; - u32 active; size_t i; u32 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; digest_list->count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; + for (i = 0; i < priv->active_bank_count; i++) { - switch (hash_algo_list[i].hash_alg) { + switch (priv->active_banks[i]) { case TPM2_ALG_SHA1: sha1_starts(&ctx); sha1_update(&ctx, input, length); @@ -139,12 +132,12 @@ int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, break; default: printf("%s: unsupported algorithm %x\n", __func__, - hash_algo_list[i].hash_alg); + priv->active_banks[i]); continue; } digest_list->digests[digest_list->count].hash_alg = - hash_algo_list[i].hash_alg; + priv->active_banks[i]; memcpy(&digest_list->digests[digest_list->count].digest, final, len); digest_list->count++; From patchwork Mon Dec 23 14:47:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853071 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432869wrq; Mon, 23 Dec 2024 06:49:15 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWZKoi4RELlFJcnhs5Al5yxGYxz2spIvIyMh6YEL53X0kTfGGAMwCr7IAESCBeic2bMFhjc9Q==@linaro.org X-Google-Smtp-Source: AGHT+IHqa0qTWZlDrKHKjGD6EWwmer+LhbNuDMLnS+7ZdQwYY2rQY1cYOKdimDQ7xDsVbR4aWHnq X-Received: by 2002:a17:907:944b:b0:aa6:73ae:b3b3 with SMTP id a640c23a62f3a-aac2d13c90fmr1338773266b.32.1734965355348; Mon, 23 Dec 2024 06:49:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965355; cv=none; d=google.com; s=arc-20240605; b=SRlQ2GToexTxW5mqdK2jyerf5YOX9yUjx1Eyg1pksX74o0ddWUDD3l9EOhT99695Pj F8g36VsBTKeySXM0U/kYlMyluUnqO6u2CQrlqvtNmFTjAsI66BJF0I8az8Yh9aGxh483 hPzBSKW17fNHczNVFKhbMhyygDf3C7vKYFuabR7VeDeVZqqjgooZKU4ux4bHAxbj5QN0 WT+ixVQ8jsvhp/XKyM3pL1mLqYRe97WF7Wd0vHrmS1HyUb3mC2tXiBg0mRhcCt9LutTX wueYg2pEfSdNJCpapmfsaWN0afJrj03NqiZG4MdCWfrQLvZj5uwxLIr3lD4xXfH9wz9/ xqgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/pXRDvtvikqOzhgTDXurgJCfUnLKfKJjdJgJ5RV1OWk=; fh=2PQn9VYLpJKxCZvO/7KmIPfD9OVQ1hnJ0DtzeHBMtNQ=; b=LFETQDM32kSjwwsYYsvc8tnn2EBPebydKZd0dLDGXt0adKdC+LYxum7NYBtJGY1V0b VfomwttYvSL259gUOU0xi9MRFQKwfI35TtRtDhNJ13wavgjYMAXY0nwuWPg2OD1NPBCo /aeCPlJ350OE2Y0EomiSRd7LMv+uza34JwpxS3bPjuk7Xb3hEUZdV+wQ6SSUdjU3Pd9+ j+q3ZOjYhBKWhnhUduliQeY6QAfN3oNrS7SMYcvf2pXgc5UKkXhu0qHpwnY7madc6Xny UWlBKzQS2ljJzvAI7NE6lpTviQrWMqFFhds1uJJ1tW4Oh3T+tu8EkLTBmbay72jb9Lpz XM2w==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hRJPh57n; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-aac0f0436bcsi577131366b.581.2024.12.23.06.49.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:49:15 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hRJPh57n; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 149A38074B; Mon, 23 Dec 2024 15:48:56 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hRJPh57n"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 597A1806D4; Mon, 23 Dec 2024 15:48:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf2d.google.com (mail-qv1-xf2d.google.com [IPv6:2607:f8b0:4864:20::f2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2792980772 for ; Mon, 23 Dec 2024 15:48:52 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-6dd43b08674so6363006d6.3 for ; Mon, 23 Dec 2024 06:48:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965331; x=1735570131; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/pXRDvtvikqOzhgTDXurgJCfUnLKfKJjdJgJ5RV1OWk=; b=hRJPh57nfOXPUfKYZArZiJ/9TmGGG7DliH48Nk5/fYij2FbKexKAp5aQ4jF/260O8T KXjrqvvXl2OjVuClHCj60nnKS1gdA7xXzarguQfPgkVSV3JmNwDd2RrvOQdqw5qA3vv1 PdGhYCQBC1lEnOJJA3vl5hd7fLSf/DXMaXRxtRXQOwj78hcQ3GAlRJEUUh7kOXba1fF1 GpT4OWG2ZnLu/CBX2rz/cL4HHXZZmkBWtZDVfG3/ffAcmVlVkLOormHNIiJTvVXIyn5Q 33MpBDOyE2a1BpqV579/Mc141EZmlZyc0/EjT77WL+4b75JTQWXjixK11dBI4IlUfUKF 4tmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965331; x=1735570131; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/pXRDvtvikqOzhgTDXurgJCfUnLKfKJjdJgJ5RV1OWk=; b=dIvNq+bQUowARZBwdzdQZKrvpd8pGiqmJAwD3myYHRPbuVsdHmXg6eV8FpogS6FmG3 v8Qu9fxWkY3eVcHG8GWSt2s+bpzH8ldRGZRvybmsIUX37Bj5oCzOY/ciqz1xCghTV44I 4LLTG5wwilmsoKr22KCCb/PxPuYLi+gjXuR3FSRm3UmDgf4pTywCTo3UpMtFeXN5WhVn urLxk0dLHCBWjn83HOI2XOnCyAyZzwlETLbWpqIj8W3vDQ1LqvjmwriVGLrIQYklAhWK V2WgBUHFNGqNCnqTK9yRTpdK6Et8XeSkWpyJ0zxWKPzP6Xtyl5qUSFiUgzGyRQy+txoG jfQg== X-Gm-Message-State: AOJu0Yxu1pa2LZBo6xG3tLoXvkRWb4jVNrbHDWDlcUix1oLW4fYBQUq5 FC6q9tCv/ftExJ798ZW4l2fwqhH6VVnB9sS7tvZ8kN7EaGQV59E0Acv6whGxYvkZ/E1VeH54Uef M X-Gm-Gg: ASbGncusJMhj9uMoAthg7QYXeAPcP94yA+UdpeJOyogwU+DihxT8oBiiCXU2oKy/5RL zZHDpFJrA0vKSnWssuP5ic2Tk5xUmVhIRJylpbZZqufl6oW5CWN+E7OHo5H8XU+wrT3PN5T/uPw rz9Ppbl6Zuqyn66BSPjFM3RuZTQGKy7+1348bViOyAIZA16w1Nj9pm4D+xi01vU2+Rp4AdECxpu dqiLEQcOi1Hf+P3TL6hFPBtGdDaeLyZN3cM50eW+jNSvXgd4bjZYl3T3vNsaPBUhnpyfJgLJQYU pri8xaZy50TzvmyBYrlJZDBepvI/e9XrGbHA3x+PPeuS6yYa523I14w= X-Received: by 2002:a05:6214:2589:b0:6d8:a76d:b66c with SMTP id 6a1803df08f44-6dd2339e08fmr199577346d6.30.1734965330915; Mon, 23 Dec 2024 06:48:50 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:50 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Simon Glass , Tim Harvey , Masahisa Kojima , Eddie James Subject: [PATCH 09/11] tpm: Simplify tcg2_log_init() Date: Mon, 23 Dec 2024 06:47:31 -0800 Message-Id: <20241223144737.554992-10-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas A previous patch is storing the active PCR banks on the TPM private data. Instead of parsing them on the fly use the stored values. This allows us to simplify our checks during the log creation and parsing. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- lib/tpm_tcg2.c | 42 +++++++----------------------------------- 1 file changed, 7 insertions(+), 35 deletions(-) diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 9bdbe411e9..72969923a9 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -208,37 +208,17 @@ static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) { + struct tpm_chip_priv *priv = dev_get_uclass_priv(dev); struct tcg_efi_spec_id_event *ev; struct tcg_pcr_event *log; u32 event_size; u32 count = 0; u32 log_size; - u32 active; size_t i; u16 len; - int rc; - - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; + count = priv->active_bank_count; event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - switch (hash_algo_list[i].hash_alg) { - case TPM2_ALG_SHA1: - case TPM2_ALG_SHA256: - case TPM2_ALG_SHA384: - case TPM2_ALG_SHA512: - count++; - break; - default: - continue; - } - } - event_size += 1 + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); log_size = offsetof(struct tcg_pcr_event, event) + event_size; @@ -265,19 +245,11 @@ static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) ev->uintn_size = sizeof(size_t) / sizeof(u32); put_unaligned_le32(count, &ev->number_of_algorithms); - count = 0; - for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { - if (!(active & hash_algo_list[i].hash_mask)) - continue; - - len = hash_algo_list[i].hash_len; - if (!len) - continue; - - put_unaligned_le16(hash_algo_list[i].hash_alg, - &ev->digest_sizes[count].algorithm_id); - put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); - count++; + for (i = 0; i < count; ++i) { + len = tpm2_algorithm_to_len(priv->active_banks[i]); + put_unaligned_le16(priv->active_banks[i], + &ev->digest_sizes[i].algorithm_id); + put_unaligned_le16(len, &ev->digest_sizes[i].digest_size); } *((u8 *)ev + (event_size - 1)) = 0; From patchwork Mon Dec 23 14:47:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Raymond Mao X-Patchwork-Id: 853072 Delivered-To: patch@linaro.org Received: by 2002:a5d:4888:0:b0:385:e875:8a9e with SMTP id g8csp3432910wrq; Mon, 23 Dec 2024 06:49:21 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVvt/VvoEa0MEEmF3+SiLRxZ4AN7PZTw9VTqQpgkynFiVFqPOu52gLW+BlxSloCmY9hpP01wA==@linaro.org X-Google-Smtp-Source: AGHT+IEwlOGvmn5S1TJIH+UKswuxCVAXfLQXBFLzTO04TdQS49AzWicZgs0opb4iK2EEE6CJheoh X-Received: by 2002:a17:907:1c0f:b0:aa6:3de7:f258 with SMTP id a640c23a62f3a-aac334f1ba8mr1056229366b.37.1734965360907; Mon, 23 Dec 2024 06:49:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734965360; cv=none; d=google.com; s=arc-20240605; b=Q1mIU5o4z+WZjYwyK2jcuHGLteHHJEn8+g7Akd1EvtszQKay4JAMQeMuM5n+SqdtcN A70p6/BK3Ku5uEVInDio8x3WS2Y+ZBTWxs8WCsmO5vXc5b4Q/HxZ1hqi/0Amr8l3173y UQU4ULWogi2VA6WMkngbyNNXmjU+/noAYFEMfSdd+e5C+uyRKVVDC63NendAgX3elLgV QoT76Royix3ON7aCYWOZGrfX/NGPk5Cbs5k+lj+RLCjs5A7ObcHYeHOPHCSLkc7Q6USh dRoOc4cNL46s8tNpAuIEbjt+ufbMi5t/LbpQfSWxaQsDoVewuecuzZvkmWik2SNPC4w6 A7Gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dA4bRXHpTlUiA/sjarTwlVmTFN4dNXhUiDJjvTP4O7M=; fh=JwI1T3Njxx0vlNnAg5N5jQGYex21sQ2C4f5jT2UIKcY=; b=jzB13k4ELm52kVNH9HJTBNU+xyQTm2LldUuzcGTK0tsxQhVvRKEQaIh2Cv2YZiBIe1 b5jEzdOOo4qBNFZbI/vNvxwhAT4J476w2VmXxYmDwraep+viKWhW6Al2aDC0AcWkgcis mTp+Tw+mE5vlvVSZdi17EVZzoHF9lkQA4v6rqE4BUgs9evVC1FIytjUum2VizOHyqHUC xHgqU63oKDHXhni4swHvU3J50goWEG7SrFCz5hmzlfksbSarXNEGl5d0t3sztE/CCGRl UahH9UUf2x9BKeDYc+rck4YieMNBuBQdto5YdkUftv0xJYBx86vfSA+mZmv5M3uGtKd6 KTFQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RDLnNOr3; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id a640c23a62f3a-aac0eff3328si596234966b.310.2024.12.23.06.49.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:49:20 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RDLnNOr3; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 18A1480730; Mon, 23 Dec 2024 15:49:03 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="RDLnNOr3"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4A53580771; Mon, 23 Dec 2024 15:49:01 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com [IPv6:2607:f8b0:4864:20::f32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 86CD080730 for ; Mon, 23 Dec 2024 15:48:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=raymond.mao@linaro.org Received: by mail-qv1-xf32.google.com with SMTP id 6a1803df08f44-6d884e8341bso30471186d6.0 for ; Mon, 23 Dec 2024 06:48:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1734965337; x=1735570137; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dA4bRXHpTlUiA/sjarTwlVmTFN4dNXhUiDJjvTP4O7M=; b=RDLnNOr3Rx+c2w8r/oM3+PWMskabrcETiEX9p9TgKI4V3hZs3+YHiEQRUHm0v8uUNW Pz1CNz475BD27kIQ45Sm83tCfFcJ8PigZZvgiMYQamyefitRJlNkMaCuTQu5HbbojAvW Q1ZPjEcB9xMF+9dW+4+IwR1lM2QA4W7fSDC09wfGWAs0sa5SW6QE/Ol0TunFOhaQIvMz RBfxb4JY4uC7j1m8BFB+Tnq6hCt49LC4ZN9ikkUChyFL9g4oRofPXc8+9JLIazm88CUH KFgMo946yrSLC+U75ngdE08GzNpq6KTZpckZBsAaFKAB6GLRisS4uvsRJHGen6vOKYXw O90A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734965337; x=1735570137; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dA4bRXHpTlUiA/sjarTwlVmTFN4dNXhUiDJjvTP4O7M=; b=E2PrdGavTM9MFHxmH0X52RRo6a0a3f4pc0hdjtOzQjdQbWfqeTb2Gfzi910ZLCXx+l S/+wmGqX7VazxU8J8/z7wtEQ594BYhacqL1WoCJSc9IKhmrgxReiQTLYBDsVGEHWQxCn bZjzr0Qh8C0hf3xl109yQrmaEezPbG7CIzmJTmjRsN8fp637eM29zp+bVHXgnFBPqn1R wl+MedhOh+nyRi9xqXOuLVFS7OVPXtHpwLNJ91oSXtxgv4uc4iwV3y5qLI+pb3vOkEQN SovLJs9cEutXNFAmnvZt6w0BBQBkvFY6NXM0ARguwaz0LHDKF50qFl8EV+fytymenhhW 8gZw== X-Gm-Message-State: AOJu0YwjV1LngFDSV7CDmK4EX7spmT0bv+bVHjKN0pSgOZBxeiTmRpEI UISfuCrwnFVwYJWciL9wwN0JSOcTDmuUAtbMkro2L3mo6tukdNfarVwb1+mj0h1+USzLOFXB4IW D X-Gm-Gg: ASbGncvlnIWQlFyrjtRdqPwhytv5Hasa3hvrTgyOrCWtSRuZ/cPh2n6X2wccek0qm9D Q+7v8+ySw7QiaNanPm2OLQp2MwJmpxrzZRosTxsJ7nVMwf9z5aLLd0JhOui1r0OFDe+vTwnmjVA 11q4cpligmaNX2m1iW42lEH1GA724d3OC+I/vfPIHMtoZm8OdgseIEATnPqtrAC04nvFF4mcfG0 UbTml5DVy78Jhk3psyrI9dUoqs6V2VJKYwFCjIJ9UUR8EABG8h2wR3cH33tJQNBbEE5GOerEvH4 cbIiEom1bjFKDIptbZDlABndCq1rbfU/WZr4mbsWuhb5rqsP2ZgbyQk= X-Received: by 2002:a05:6214:5f11:b0:6d8:9ab7:adcc with SMTP id 6a1803df08f44-6dd2334b26cmr210420676d6.22.1734965337242; Mon, 23 Dec 2024 06:48:57 -0800 (PST) Received: from ubuntu.localdomain (pool-174-114-184-37.cpe.net.cable.rogers.com. [174.114.184.37]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6dd181bb519sm44243246d6.83.2024.12.23.06.48.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 06:48:56 -0800 (PST) From: Raymond Mao To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Raymond Mao , Tom Rini , Heinrich Schuchardt , Tim Harvey , Simon Glass , Eddie James , Masahisa Kojima Subject: [PATCH 10/11] tpm: Don't replay an EventLog if tcg2_log_parse() fails Date: Mon, 23 Dec 2024 06:47:32 -0800 Message-Id: <20241223144737.554992-11-raymond.mao@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org> References: <20241223144737.554992-1-raymond.mao@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean From: Ilias Apalodimas We used to stop replaying an EventLog if parsing failed, but that got lost in commit 97707f12fdab ("tpm: Support boot measurements"). When an EventLog is passed yo us from a previous bootloader, we want to validate it as much as we can and make sure the defined PCR banks of the log exist in our TPM and firmware so we can replay it if needed or use it as-in, in case the PCRs are already extended. So let's add the checks back and while at it simplify the logic of rejecting an EventLog. Signed-off-by: Ilias Apalodimas Signed-off-by: Raymond Mao --- lib/tpm_tcg2.c | 56 ++++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 72969923a9..64563d7871 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -360,7 +360,6 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) u16 len; int rc; u32 i; - u16 j; if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) return 0; @@ -399,40 +398,51 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) if (evsz != calc_size) return 0; - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - + /* + * Go through the algorithms the EventLog contains. If the EventLog + * algorithms don't match the active TPM ones exit and report the + * erroneous banks. + * We've already checked that U-Boot supports all the enabled TPM + * algorithms, so just check the EvenLog against the TPM active ones. + */ digest_list.count = 0; log_active = 0; - for (i = 0; i < count; ++i) { algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); mask = tcg2_algorithm_to_mask(algo); - if (!(active & mask)) - return 0; - switch (algo) { case TPM2_ALG_SHA1: case TPM2_ALG_SHA256: case TPM2_ALG_SHA384: case TPM2_ALG_SHA512: len = get_unaligned_le16(&event->digest_sizes[i].digest_size); - if (tpm2_algorithm_to_len(algo) != len) - return 0; + if (tpm2_algorithm_to_len(algo) != len) { + log_err("EventLog invalid algorithm length\n"); + return -1; + } digest_list.digests[digest_list.count++].hash_alg = algo; break; default: - return 0; + /* + * We can ignore this if the TPM PCRs is not extended + * by the previous bootloader. But for now just exit + */ + log_err("EventLog has unsupported algorithm 0x%x\n", + algo); + return -1; } - log_active |= mask; } - /* Ensure the previous firmware extended all the PCRs. */ - if (log_active != active) - return 0; + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + /* If the EventLog and active algorithms don't match exit */ + if (log_active != active) { + log_err("EventLog doesn't contain all active PCR banks\n"); + return -1; + } /* Read PCR0 to check if previous firmware extended the PCRs or not. */ rc = tcg2_pcr_read(dev, 0, &digest_list); @@ -440,17 +450,13 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) return rc; for (i = 0; i < digest_list.count; ++i) { - len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); - for (j = 0; j < len; ++j) { - if (digest_list.digests[i].digest.sha512[j]) - break; - } + u8 hash_buf[TPM2_SHA512_DIGEST_SIZE] = { 0 }; + u16 hash_alg = digest_list.digests[i].hash_alg; - /* PCR is non-zero; it has been extended, so skip extending. */ - if (j != len) { + if (memcmp((u8 *)&digest_list.digests[i].digest, hash_buf, + tpm2_algorithm_to_len(hash_alg))) digest_list.count = 0; - break; - } + } return tcg2_replay_eventlog(elog, dev, &digest_list,