diff options
author | Philipp Deppenwiese <zaolin@das-labor.org> | 2018-08-01 06:26:00 +0200 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2018-08-03 23:46:21 +0000 |
commit | bce49c2304adba31264c68daecdb5a41a3faf3a0 (patch) | |
tree | a96c10c75af096d56a7ae3a7aeeb316c81b8e3c8 /src | |
parent | 0a0340e42e461a6e34a2e99304792f0ecac07bcb (diff) |
security/tpm: Improve TCPA log generation
* Make tcpa_log_init static and move init code into
the tcpa_log_add_table_entry routine.
* Add more checks for log initialization.
* Fix minor issues
Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/27769
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/commonlib/include/commonlib/tcpa_log_serialized.h | 2 | ||||
-rw-r--r-- | src/drivers/tpm/tpm.c | 3 | ||||
-rw-r--r-- | src/security/tpm/tspi.h | 5 | ||||
-rw-r--r-- | src/security/tpm/tspi/log.c | 47 | ||||
-rw-r--r-- | src/security/vboot/secdata_tpm.c | 3 |
5 files changed, 26 insertions, 34 deletions
diff --git a/src/commonlib/include/commonlib/tcpa_log_serialized.h b/src/commonlib/include/commonlib/tcpa_log_serialized.h index cd6fbec73d..6dfb566fdc 100644 --- a/src/commonlib/include/commonlib/tcpa_log_serialized.h +++ b/src/commonlib/include/commonlib/tcpa_log_serialized.h @@ -29,7 +29,7 @@ struct tcpa_entry { uint32_t pcr; uint8_t digest[TCPA_DIGEST_MAX_LENGTH]; uint32_t digest_length; - uint8_t name[TCPA_PCR_HASH_NAME]; + char name[TCPA_PCR_HASH_NAME]; } __packed; struct tcpa_table { diff --git a/src/drivers/tpm/tpm.c b/src/drivers/tpm/tpm.c index 8c681597bb..e4a81c3da4 100644 --- a/src/drivers/tpm/tpm.c +++ b/src/drivers/tpm/tpm.c @@ -30,9 +30,6 @@ static void init_tpm_dev(void *unused) #else tpm_setup(false); #endif - - // TCPA cbmem log - tcpa_log_init(); } BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, init_tpm_dev, NULL); diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index 94b53b054a..e4ddefcdd3 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -21,11 +21,6 @@ #include <commonlib/tcpa_log_serialized.h> /** - * Setup TCPA cbmem log. - */ -void tcpa_log_init(void); - -/** * Add table entry for cbmem TCPA log. */ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c index 8ec4c6d49d..0a6655a516 100644 --- a/src/security/tpm/tspi/log.c +++ b/src/security/tpm/tspi/log.c @@ -18,47 +18,45 @@ #include <console/console.h> #include <security/tpm/tspi.h> -void tcpa_log_init(void) +static struct tcpa_table *tcpa_log_init(void) { - const struct cbmem_entry *ce; - struct tcpa_table *tclt; + MAYBE_STATIC struct tcpa_table *tclt = NULL; if (!cbmem_possibly_online()) - return; + return NULL; - ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG); - if (ce) - return; + if (tclt != NULL) + return tclt; + + tclt = (struct tcpa_table *) cbmem_entry_find(CBMEM_ID_TCPA_LOG); + if (tclt) + return tclt; tclt = cbmem_add(CBMEM_ID_TCPA_LOG, sizeof(struct tcpa_table) + - MAX_TCPA_LOG_ENTRIES * - sizeof(struct tcpa_entry)); + MAX_TCPA_LOG_ENTRIES * + sizeof(struct tcpa_entry)); - if (!tclt) - return; + if (!tclt) { + printk(BIOS_ERR, "ERROR: Could not create TCPA log table\n"); + return NULL; + } tclt->max_entries = MAX_TCPA_LOG_ENTRIES; tclt->num_entries = 0; printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt); + + return tclt; } void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, const uint8_t *digest, const size_t digest_length) { - MAYBE_STATIC struct tcpa_table *tclt = NULL; + struct tcpa_table *tclt; struct tcpa_entry *tce; - if (!cbmem_possibly_online()) - return; - - tclt = cbmem_find(CBMEM_ID_TCPA_LOG); - if (!tclt) { - printk(BIOS_ERR, "ERROR: No TCPA log table found\n"); - return; - } - + tclt = tcpa_log_init(); if (tclt->num_entries == tclt->max_entries) { printk(BIOS_WARNING, "ERROR: TCPA log table is full\n"); return; @@ -66,8 +64,13 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, tce = &tclt->entries[tclt->num_entries++]; - memcpy(tce->name, name, TCPA_PCR_HASH_NAME); + strncpy(tce->name, name, TCPA_PCR_HASH_NAME - 1); tce->pcr = pcr; + + if (digest_length > TCPA_DIGEST_MAX_LENGTH) { + printk(BIOS_WARNING, "ERROR: PCR digest too long for TCPA log entry\n"); + return; + } memcpy(tce->digest, digest, digest_length); tce->digest_length = digest_length; } diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index d3f4a1196e..c62f18b962 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -451,9 +451,6 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx) if (result == TPM_E_MUST_REBOOT) ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; - // TCPA cbmem log - tcpa_log_init(); - return result; } |