Accepting request 505011 from security
- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419) OBS-URL: https://build.opensuse.org/request/show/505011 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=5
commit
e50722fd3a
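--- a/0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
+++ b/0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
@@ -0,0 +1,120 @@
+From c2586d4116b29436baa6608c5c3a222aae8bf193 Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Mon, 15 May 2017 14:01:24 -0700
+Subject: [PATCH] tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to
+read
+
+Allow TPM to tell us PCRs that are available to be read in a bank
+instead of assuming there will be 24. This resolves an issue on
+a system where in the bios you can choose between hash functions
+(sha1 and sha256 in this case). Both will show up as supported,
+but when it tries reading the bank that isn't selected in the bios
+it makes no progress, and then fails saying that there are too many
+PCRs to read.
+
+This consolidates the pcr_selections init code into one function.
+
+Also a minor change to show_pcr_values to use sizeofSelect to
+determine loop iteration instead of hardcoding 24.
+
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+---
+tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++--------------------------
+1 file changed, 27 insertions(+), 28 deletions(-)
+
+diff --git a/tools/tpm2_listpcrs.c b/tools/tpm2_listpcrs.c
+index f50c200..42bb8c6 100644
+--- a/tools/tpm2_listpcrs.c
++++ b/tools/tpm2_listpcrs.c
+@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_context *context) {
+return true;
+}
+
+-static void init_pcr_selection_from_algorithm(TPMI_ALG_HASH alg_id,
+- TPML_PCR_SELECTION *pcr_selections) {
++static bool init_pcr_selection(TPMI_ALG_HASH alg_id, listpcr_context *context) {
+
+- pcr_selections->count = 1;
+- pcr_selections->pcrSelections[0].hash = alg_id;
+- set_pcr_select_size(&pcr_selections->pcrSelections[0], 3);
+- clear_pcr_select_bits(&pcr_selections->pcrSelections[0]);
++ TPMI_YES_NO moreData;
++ TPMS_CAPABILITY_DATA cap_data;
++ TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections;
++ UINT32 rval, i, j;
+
+- UINT32 pcr_id;
+- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
+- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id);
++ rval = Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0);
++ if (rval != TPM_RC_SUCCESS) {
++ LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval);
++ return false;
+}
+-}
+
+-/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */
+-static void init_pcr_selection_all(tpm2_algorithm *algorithm,
+- TPML_PCR_SELECTION *pcr_selections) {
++ pcr_sel->count = 0;
+
+- pcr_selections->count = 0;
++ for (i = 0; i < cap_data.data.assignedPCR.count; i++) {
++ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id))
++ continue;
++ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash;
++ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect);
++ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++)
++ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j];
++ pcr_sel->count++;
++ }
+
+- int i;
+- for (i = 0; i < algorithm->count; i++) {
+- pcr_selections->pcrSelections[i].hash = algorithm->alg[i];
+- set_pcr_select_size(&pcr_selections->pcrSelections[i], 3);
+- clear_pcr_select_bits(&pcr_selections->pcrSelections[i]);
++ if (pcr_sel->count == 0)
++ return false;
+
+- UINT32 pcr_id;
+- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
+- set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id);
+- }
+- pcr_selections->count++;
+- }
++ return true;
+}
+
+// show all PCR banks according to g_pcrSelection & g_pcrs->
+@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_context *context) {
+context->pcr_selections.pcrSelections[i].hash);
+
+UINT32 pcr_id;
+- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
++ for (pcr_id = 0; pcr_id < context->pcr_selections.pcrSelections[i].sizeofSelect * 8; pcr_id++) {
+if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i],
+pcr_id)) {
+continue;
+@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(listpcr_context *context) {
+
+static bool show_all_pcr_values(listpcr_context *context) {
+
+- init_pcr_selection_all(&context->algs, &context->pcr_selections);
++ if (!init_pcr_selection(0, context))
++ return false;
+
+return show_selected_pcr_values(context);
+}
+
+static bool show_alg_pcr_values(listpcr_context *context, TPMI_ALG_HASH alg_id) {
+
+- init_pcr_selection_from_algorithm(alg_id, &context->pcr_selections);
++ if (!init_pcr_selection(alg_id, context))
++ return false;
+
+return show_selected_pcr_values(context);
+}
+--
+2.12.3
+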
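Review bot: In init_pcr_selection, `cap_data.data.assignedPCR.count` and each entry's `sizeofSelect` are taken from the GetCapability response and used directly as bounds for writes into `pcr_sel->pcrSelections[]` and `pcrSelect[]`, with no check against the sizes of those arrays. The TSS unmarshalling code may already cap both values, but nothing in this patch shows that, so I would reject an oversized response before the loop with `if (cap_data.data.assignedPCR.count > sizeof(pcr_sel->pcrSelections) / sizeof(pcr_sel->pcrSelections[0])) return false;` and skip any entry whose `sizeofSelect` exceeds `sizeof(pcr_sel->pcrSelections[0].pcrSelect)`. The new `sizeofSelect * 8` bound in show_pcr_values, whose body starts and ends outside its hunk, depends on the same value. `moreData` is never read, and the `pcr_sel->count == 0` path returns false without a `LOG_ERR`, so asking for a bank the TPM does not report fails with no message.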
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 20 08:35:29 UTC 2017 - matthias.gerstner@suse.com
|
||||
|
||||
- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed
|
||||
tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 2 07:16:45 UTC 2017 - meissner@suse.com
|
||||
|
||||
|
@ -26,6 +26,9 @@ Url: https://github.com/01org/tpm2.0-tools
|
||||
Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip
|
||||
Patch0: tpm2.0-tools-fix-hardening.patch
|
||||
Patch1: tpm2.0-tools-fix-gcc7.patch
|
||||
# this fixes an error with an unexpectedly large number of PCRS (bnc#1044419)
|
||||
# there's no release containing this fix yet
|
||||
Patch2: 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: gcc-c++
|
||||
@ -48,6 +51,7 @@ associated interfaces.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
bash ./bootstrap
|
||||
|
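Review bot: The comment above `Patch2` names the bug but not the origin of the patch, so a later maintainer cannot tell from the spec which upstream change to look for when deciding whether the patch can be dropped. The patch header on this page carries the upstream commit id, so the comment could read `# upstream commit c2586d4116b2 (bnc#1044419); drop once a release contains it`.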