diff options
| author | Nayna Jain | 2017-01-30 10:59:41 +0100 |
|---|---|---|
| committer | Jarkko Sakkinen | 2017-02-03 21:03:14 +0100 |
| commit | c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8 (patch) | |
| tree | 805ea1b006b4394854ae70db7bd409bb2c9611d8 /drivers/char/tpm/tpm-interface.c | |
| parent | tpm: implement TPM 2.0 capability to get active PCR banks (diff) | |
| download | kernel-qcow2-linux-c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8.tar.gz kernel-qcow2-linux-c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8.tar.xz kernel-qcow2-linux-c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8.zip | |
tpm: enhance TPM 2.0 PCR extend to support multiple banks
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.
The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest. To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.
This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.
[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'drivers/char/tpm/tpm-interface.c')
| -rw-r--r-- | drivers/char/tpm/tpm-interface.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 2ea16abb5dc9..423938e8570f 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -789,13 +789,25 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) struct tpm_cmd_t cmd; int rc; struct tpm_chip *chip; + struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; + u32 count = 0; + int i; chip = tpm_chip_find_get(chip_num); if (chip == NULL) return -ENODEV; if (chip->flags & TPM_CHIP_FLAG_TPM2) { - rc = tpm2_pcr_extend(chip, pcr_idx, hash); + memset(digest_list, 0, sizeof(digest_list)); + + for (i = 0; chip->active_banks[i] != TPM2_ALG_ERROR && + i < ARRAY_SIZE(chip->active_banks); i++) { + digest_list[i].alg_id = chip->active_banks[i]; + memcpy(digest_list[i].digest, hash, TPM_DIGEST_SIZE); + count++; + } + + rc = tpm2_pcr_extend(chip, pcr_idx, count, digest_list); tpm_put_ops(chip); return rc; } |