tpm: use more than sha256 on pcr_extend
authorIlias Apalodimas <ilias.apalodimas@linaro.org>
Thu, 26 Nov 2020 21:07:22 +0000 (23:07 +0200)
committerHeinrich Schuchardt <xypron.glpk@gmx.de>
Thu, 3 Dec 2020 20:22:40 +0000 (21:22 +0100)
The current tpm2_pcr_extend is hardcoded to use SHA256.
Let's make the actual command to the TPM2 configurable so we can support
a wider range of algorithms and keep the current command line as-is, i.e.
limited to SHA256 only.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
cmd/tpm-v2.c
include/tpm-v2.h
lib/tpm-v2.c

index 5fa4788a72de5199f00d27d415e15bdecf6b145e..daae91100a2bb41b65efb288365d5f62e7b2602f 100644 (file)
@@ -116,7 +116,8 @@ static int do_tpm2_pcr_extend(struct cmd_tbl *cmdtp, int flag, int argc,
        if (index >= priv->pcr_count)
                return -EINVAL;
 
-       rc = tpm2_pcr_extend(dev, index, digest);
+       rc = tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, digest,
+                            TPM2_DIGEST_LEN);
 
        unmap_sysmem(digest);
 
index 74c14fe7c51d31a65564be5e42d870481d533d39..f1826ff385895bd10c8e5d5f2ea2b12a4561c85f 100644 (file)
@@ -309,11 +309,14 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
  *
  * @dev                TPM device
  * @index      Index of the PCR
+ * @algorithm  Algorithm used, defined in 'enum tpm2_algorithms'
  * @digest     Value representing the event to be recorded
+ * @digest_len  len of the hash
  *
  * @return code of the operation
  */
-u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest);
+u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
+                   const u8 *digest, u32 digest_len);
 
 /**
  * Issue a TPM2_PCR_Read command.
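Review bot: The new `@digest_len` line gives neither the unit nor the constraint that links it to `@algorithm`, and the visible implementation does not check that link either. I would word it as ` * @digest_len  Length of @digest in bytes; must match the digest size of @algorithm`. Since this function feeds measured boot, `@return` could also say that any non-zero code means the PCR was not extended. The hunk ends inside the comment of the next declaration.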
index 91759068cf0336521084d6d8f6fe6ea9236fa221..1f3deb06e487512dfca48df1a64eab8198d1272f 100644 (file)
@@ -80,11 +80,12 @@ u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw,
        return tpm_sendrecv_command(dev, command_v2, NULL, NULL);
 }
 
-u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest)
+u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
+                   const u8 *digest, u32 digest_len)
 {
        u8 command_v2[COMMAND_BUFFER_SIZE] = {
                tpm_u16(TPM2_ST_SESSIONS),      /* TAG */
-               tpm_u32(33 + TPM2_DIGEST_LEN),  /* Length */
+               tpm_u32(33 + digest_len),       /* Length */
                tpm_u32(TPM2_CC_PCR_EXTEND),    /* Command code */
 
                /* HANDLE */
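Review bot: Nothing in tpm2_pcr_extend() ties `digest_len` to `algorithm`. The length field here becomes `33 + digest_len` and the later hunks copy `digest_len` bytes after `tpm_u16(algorithm)`, so a mismatched pair produces a command whose digest size disagrees with the hash it names. The TPM would presumably reject it, leaving the event unmeasured, so an early check that returns `TPM_LIB_ERROR` for an unknown algorithm or a wrong length would fail more clearly. An oversized `digest_len` appears to be caught only by the `if (ret)` check after `pack_byte_string()`, whose bounds logic is outside this diff. `tpm_u16(algorithm)` also takes a `u32`, so the upper 16 bits look to be dropped silently; the function body continues past the hunk.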
@@ -99,7 +100,7 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest)
                tpm_u16(0),                     /* Size of <hmac/password> */
                                                /* <hmac/password> (if any) */
                tpm_u32(1),                     /* Count (number of hashes) */
-               tpm_u16(TPM2_ALG_SHA256),       /* Algorithm of the hash */
+               tpm_u16(algorithm),     /* Algorithm of the hash */
                /* STRING(digest)                  Digest */
        };
        unsigned int offset = 33;
@@ -110,8 +111,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest)
         *     - the digest
         */
        ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
-                              offset, digest, TPM2_DIGEST_LEN);
-       offset += TPM2_DIGEST_LEN;
+                              offset, digest, digest_len);
+       offset += digest_len;
        if (ret)
                return TPM_LIB_ERROR;