forked from pool/tpm2.0-tools
Matthias Gerstner
04ffd0c388
tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419) OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=21
121 lines
4.7 KiB
Diff
121 lines
4.7 KiB
Diff
From c2586d4116b29436baa6608c5c3a222aae8bf193 Mon Sep 17 00:00:00 2001
|
|
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
|
Date: Mon, 15 May 2017 14:01:24 -0700
|
|
Subject: [PATCH] tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to
|
|
read
|
|
|
|
Allow TPM to tell us PCRs that are available to be read in a bank
|
|
instead of assuming there will be 24. This resolves an issue on
|
|
a system where in the bios you can choose between hash functions
|
|
(sha1 and sha256 in this case). Both will show up as supported,
|
|
but when it tries reading the bank that isn't selected in the bios
|
|
it makes no progress, and then fails saying that there are too many
|
|
PCRs to read.
|
|
|
|
This consolidates the pcr_selections init code into one function.
|
|
|
|
Also a minor change to show_pcr_values to use sizeofSelect to
|
|
determine loop iteration instead of hardcoding 24.
|
|
|
|
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
|
---
|
|
tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++--------------------------
|
|
1 file changed, 27 insertions(+), 28 deletions(-)
|
|
|
|
diff --git a/tools/tpm2_listpcrs.c b/tools/tpm2_listpcrs.c
|
|
index f50c200..42bb8c6 100644
|
|
--- a/tools/tpm2_listpcrs.c
|
|
+++ b/tools/tpm2_listpcrs.c
|
|
@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_context *context) {
|
|
return true;
|
|
}
|
|
|
|
-static void init_pcr_selection_from_algorithm(TPMI_ALG_HASH alg_id,
|
|
- TPML_PCR_SELECTION *pcr_selections) {
|
|
+static bool init_pcr_selection(TPMI_ALG_HASH alg_id, listpcr_context *context) {
|
|
|
|
- pcr_selections->count = 1;
|
|
- pcr_selections->pcrSelections[0].hash = alg_id;
|
|
- set_pcr_select_size(&pcr_selections->pcrSelections[0], 3);
|
|
- clear_pcr_select_bits(&pcr_selections->pcrSelections[0]);
|
|
+ TPMI_YES_NO moreData;
|
|
+ TPMS_CAPABILITY_DATA cap_data;
|
|
+ TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections;
|
|
+ UINT32 rval, i, j;
|
|
|
|
- UINT32 pcr_id;
|
|
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
|
- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id);
|
|
+ rval = Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0);
|
|
+ if (rval != TPM_RC_SUCCESS) {
|
|
+ LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval);
|
|
+ return false;
|
|
}
|
|
-}
|
|
|
|
-/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */
|
|
-static void init_pcr_selection_all(tpm2_algorithm *algorithm,
|
|
- TPML_PCR_SELECTION *pcr_selections) {
|
|
+ pcr_sel->count = 0;
|
|
|
|
- pcr_selections->count = 0;
|
|
+ for (i = 0; i < cap_data.data.assignedPCR.count; i++) {
|
|
+ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id))
|
|
+ continue;
|
|
+ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash;
|
|
+ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect);
|
|
+ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++)
|
|
+ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j];
|
|
+ pcr_sel->count++;
|
|
+ }
|
|
|
|
- int i;
|
|
- for (i = 0; i < algorithm->count; i++) {
|
|
- pcr_selections->pcrSelections[i].hash = algorithm->alg[i];
|
|
- set_pcr_select_size(&pcr_selections->pcrSelections[i], 3);
|
|
- clear_pcr_select_bits(&pcr_selections->pcrSelections[i]);
|
|
+ if (pcr_sel->count == 0)
|
|
+ return false;
|
|
|
|
- UINT32 pcr_id;
|
|
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
|
- set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id);
|
|
- }
|
|
- pcr_selections->count++;
|
|
- }
|
|
+ return true;
|
|
}
|
|
|
|
// show all PCR banks according to g_pcrSelection & g_pcrs->
|
|
@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_context *context) {
|
|
context->pcr_selections.pcrSelections[i].hash);
|
|
|
|
UINT32 pcr_id;
|
|
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
|
+ for (pcr_id = 0; pcr_id < context->pcr_selections.pcrSelections[i].sizeofSelect * 8; pcr_id++) {
|
|
if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i],
|
|
pcr_id)) {
|
|
continue;
|
|
@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(listpcr_context *context) {
|
|
|
|
static bool show_all_pcr_values(listpcr_context *context) {
|
|
|
|
- init_pcr_selection_all(&context->algs, &context->pcr_selections);
|
|
+ if (!init_pcr_selection(0, context))
|
|
+ return false;
|
|
|
|
return show_selected_pcr_values(context);
|
|
}
|
|
|
|
static bool show_alg_pcr_values(listpcr_context *context, TPMI_ALG_HASH alg_id) {
|
|
|
|
- init_pcr_selection_from_algorithm(alg_id, &context->pcr_selections);
|
|
+ if (!init_pcr_selection(alg_id, context))
|
|
+ return false;
|
|
|
|
return show_selected_pcr_values(context);
|
|
}
|
|
--
|
|
2.12.3
|
|
|