- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed

tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419)

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=21

0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch

@@ -0,0 +1,120 @@
+From c2586d4116b29436baa6608c5c3a222aae8bf193 Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Mon, 15 May 2017 14:01:24 -0700
+Subject: [PATCH] tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to
+ read
+
+Allow TPM to tell us PCRs that are available to be read in a bank
+instead of assuming there will be 24. This resolves an issue on
+a system where in the bios you can choose between hash functions
+(sha1 and sha256 in this case). Both will show up as supported,
+but when it tries reading the bank that isn't selected in the bios
+it makes no progress, and then fails saying that there are too many
+PCRs to read.
+
+This consolidates the pcr_selections init code into one function.
+
+Also a minor change to show_pcr_values to use sizeofSelect to
+determine loop iteration instead of hardcoding 24.
+
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+---
+ tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++--------------------------
+ 1 file changed, 27 insertions(+), 28 deletions(-)
+
+diff --git a/tools/tpm2_listpcrs.c b/tools/tpm2_listpcrs.c
+index f50c200..42bb8c6 100644
+--- a/tools/tpm2_listpcrs.c
++++ b/tools/tpm2_listpcrs.c
+@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_context *context) {
+     return true;
+ }
+ 
+-static void init_pcr_selection_from_algorithm(TPMI_ALG_HASH alg_id,
+-        TPML_PCR_SELECTION *pcr_selections) {
++static bool init_pcr_selection(TPMI_ALG_HASH alg_id, listpcr_context *context) {
+ 
+-    pcr_selections->count = 1;
+-    pcr_selections->pcrSelections[0].hash = alg_id;
+-    set_pcr_select_size(&pcr_selections->pcrSelections[0], 3);
+-    clear_pcr_select_bits(&pcr_selections->pcrSelections[0]);
++    TPMI_YES_NO moreData;
++    TPMS_CAPABILITY_DATA cap_data;
++    TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections;
++    UINT32 rval, i, j;
+ 
+-    UINT32 pcr_id;
+-    for (pcr_id = 0; pcr_id < 24; pcr_id++) {
+-        set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id);
++    rval = Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0);
++    if (rval != TPM_RC_SUCCESS) {
++        LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval);
++        return false;
+     }
+-}
+ 
+-/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */
+-static void init_pcr_selection_all(tpm2_algorithm *algorithm,
+-        TPML_PCR_SELECTION *pcr_selections) {
++    pcr_sel->count = 0;
+ 
+-    pcr_selections->count = 0;
++    for (i = 0; i < cap_data.data.assignedPCR.count; i++) {
++        if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id))
++            continue;
++        pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash;
++        set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect);
++        for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++)
++            pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j];
++        pcr_sel->count++;
++    }
+ 
+-    int i;
+-    for (i = 0; i < algorithm->count; i++) {
+-        pcr_selections->pcrSelections[i].hash = algorithm->alg[i];
+-        set_pcr_select_size(&pcr_selections->pcrSelections[i], 3);
+-        clear_pcr_select_bits(&pcr_selections->pcrSelections[i]);
++    if (pcr_sel->count == 0)
++        return false;
+ 
+-        UINT32 pcr_id;
+-        for (pcr_id = 0; pcr_id < 24; pcr_id++) {
+-            set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id);
+-        }
+-        pcr_selections->count++;
+-    }
++    return true;
+ }
+ 
+ // show all PCR banks according to g_pcrSelection & g_pcrs->
+@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_context *context) {
+                 context->pcr_selections.pcrSelections[i].hash);
+ 
+         UINT32 pcr_id;
+-        for (pcr_id = 0; pcr_id < 24; pcr_id++) {
++        for (pcr_id = 0; pcr_id < context->pcr_selections.pcrSelections[i].sizeofSelect * 8; pcr_id++) {
+             if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i],
+                     pcr_id)) {
+                 continue;
+@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(listpcr_context *context) {
+ 
+ static bool show_all_pcr_values(listpcr_context *context) {
+ 
+-    init_pcr_selection_all(&context->algs, &context->pcr_selections);
++    if (!init_pcr_selection(0, context))
++        return false;
+ 
+     return show_selected_pcr_values(context);
+ }
+ 
+ static bool show_alg_pcr_values(listpcr_context *context, TPMI_ALG_HASH alg_id) {
+ 
+-    init_pcr_selection_from_algorithm(alg_id, &context->pcr_selections);
++    if (!init_pcr_selection(alg_id, context))
++        return false;
+ 
+     return show_selected_pcr_values(context);
+ }
+-- 
+2.12.3
+

tpm2.0-tools.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 20 08:35:29 UTC 2017 - matthias.gerstner@suse.com
+
+- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed
+  tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419)
+
 -------------------------------------------------------------------
 Fri Jun  2 07:16:45 UTC 2017 - meissner@suse.com
 

tpm2.0-tools.spec

@@ -26,6 +26,9 @@ Url:            https://github.com/01org/tpm2.0-tools
 Source0:        https://github.com/01org/tpm2.0-tools/archive/%{version}.zip
 Patch0:         tpm2.0-tools-fix-hardening.patch
 Patch1:         tpm2.0-tools-fix-gcc7.patch
+# this fixes an error with an unexpectedly large number of PCRS (bnc#1044419)
+# there's no release containing this fix yet
+Patch2:         0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -48,6 +51,7 @@ associated interfaces.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 bash ./bootstrap