From: Simon Glass <sjg@chromium.org>
Date: Sun, 18 Jul 2021 20:18:05 +0000 (-0600)
Subject: sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB
X-Git-Tag: v2025.01-rc5-pxa1908~1768^2~13
X-Git-Url: http://git.dujemihanovic.xyz/img/static/%7B%7B%20%24style.RelPermalink%20%7D%7D?a=commitdiff_plain;h=9f0b53564f035743a2ce60636cadd17c97937dee;p=u-boot.git

sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB

This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.

Fix these problems.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index ed9c9a0bc9..3c4bbcdf2e 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -642,15 +642,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 		for (i = 0; i < pcr_array_sz; i++)
 			pcr_map += (u64)sent[i] << (i * 8);
 
-		if (pcr_map >> SANDBOX_TPM_PCR_NB) {
-			printf("Sandbox TPM handles up to %d PCR(s)\n",
-			       SANDBOX_TPM_PCR_NB);
-			rc = TPM2_RC_VALUE;
-			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
-		}
-
 		if (!pcr_map) {
-			printf("Empty PCR map.\n");
+			printf("Empty PCR map\n");
 			rc = TPM2_RC_VALUE;
 			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
 		}
@@ -659,6 +652,13 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 			if (pcr_map & BIT(i))
 				pcr_index = i;
 
+		if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+			printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+			       pcr_index, SANDBOX_TPM_PCR_NB);
+			rc = TPM2_RC_VALUE;
+			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
+		}
+
 		/* Write tag */
 		put_unaligned_be16(tag, recv);
 		recv += sizeof(tag);
@@ -692,9 +692,9 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 		pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) +
 					       sizeof(length) +
 					       sizeof(command));
-		if (pcr_index > SANDBOX_TPM_PCR_NB) {
-			printf("Sandbox TPM handles up to %d PCR(s)\n",
-			       SANDBOX_TPM_PCR_NB);
+		if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+			printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+			       pcr_index, SANDBOX_TPM_PCR_NB);
 			rc = TPM2_RC_VALUE;
 		}