summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPhilipp Deppenwiese <zaolin@das-labor.org>2018-08-01 06:26:00 +0200
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2018-08-03 23:46:21 +0000
commitbce49c2304adba31264c68daecdb5a41a3faf3a0 (patch)
treea96c10c75af096d56a7ae3a7aeeb316c81b8e3c8 /src
parent0a0340e42e461a6e34a2e99304792f0ecac07bcb (diff)
security/tpm: Improve TCPA log generation
* Make tcpa_log_init static and move init code into the tcpa_log_add_table_entry routine. * Add more checks for log initialization. * Fix minor issues Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/27769 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src')
-rw-r--r--src/commonlib/include/commonlib/tcpa_log_serialized.h2
-rw-r--r--src/drivers/tpm/tpm.c3
-rw-r--r--src/security/tpm/tspi.h5
-rw-r--r--src/security/tpm/tspi/log.c47
-rw-r--r--src/security/vboot/secdata_tpm.c3
5 files changed, 26 insertions, 34 deletions
diff --git a/src/commonlib/include/commonlib/tcpa_log_serialized.h b/src/commonlib/include/commonlib/tcpa_log_serialized.h
index cd6fbec73d..6dfb566fdc 100644
--- a/src/commonlib/include/commonlib/tcpa_log_serialized.h
+++ b/src/commonlib/include/commonlib/tcpa_log_serialized.h
@@ -29,7 +29,7 @@ struct tcpa_entry {
uint32_t pcr;
uint8_t digest[TCPA_DIGEST_MAX_LENGTH];
uint32_t digest_length;
- uint8_t name[TCPA_PCR_HASH_NAME];
+ char name[TCPA_PCR_HASH_NAME];
} __packed;
struct tcpa_table {
diff --git a/src/drivers/tpm/tpm.c b/src/drivers/tpm/tpm.c
index 8c681597bb..e4a81c3da4 100644
--- a/src/drivers/tpm/tpm.c
+++ b/src/drivers/tpm/tpm.c
@@ -30,9 +30,6 @@ static void init_tpm_dev(void *unused)
#else
tpm_setup(false);
#endif
-
- // TCPA cbmem log
- tcpa_log_init();
}
BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, init_tpm_dev, NULL);
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
index 94b53b054a..e4ddefcdd3 100644
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -21,11 +21,6 @@
#include <commonlib/tcpa_log_serialized.h>
/**
- * Setup TCPA cbmem log.
- */
-void tcpa_log_init(void);
-
-/**
* Add table entry for cbmem TCPA log.
*/
void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
index 8ec4c6d49d..0a6655a516 100644
--- a/src/security/tpm/tspi/log.c
+++ b/src/security/tpm/tspi/log.c
@@ -18,47 +18,45 @@
#include <console/console.h>
#include <security/tpm/tspi.h>
-void tcpa_log_init(void)
+static struct tcpa_table *tcpa_log_init(void)
{
- const struct cbmem_entry *ce;
- struct tcpa_table *tclt;
+ MAYBE_STATIC struct tcpa_table *tclt = NULL;
if (!cbmem_possibly_online())
- return;
+ return NULL;
- ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
- if (ce)
- return;
+ if (tclt != NULL)
+ return tclt;
+
+ tclt = (struct tcpa_table *) cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+ if (tclt)
+ return tclt;
tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
sizeof(struct tcpa_table) +
- MAX_TCPA_LOG_ENTRIES *
- sizeof(struct tcpa_entry));
+ MAX_TCPA_LOG_ENTRIES *
+ sizeof(struct tcpa_entry));
- if (!tclt)
- return;
+ if (!tclt) {
+ printk(BIOS_ERR, "ERROR: Could not create TCPA log table\n");
+ return NULL;
+ }
tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
tclt->num_entries = 0;
printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
+
+ return tclt;
}
void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
const uint8_t *digest, const size_t digest_length)
{
- MAYBE_STATIC struct tcpa_table *tclt = NULL;
+ struct tcpa_table *tclt;
struct tcpa_entry *tce;
- if (!cbmem_possibly_online())
- return;
-
- tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
- if (!tclt) {
- printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
- return;
- }
-
+ tclt = tcpa_log_init();
if (tclt->num_entries == tclt->max_entries) {
printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");
return;
@@ -66,8 +64,13 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
tce = &tclt->entries[tclt->num_entries++];
- memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+ strncpy(tce->name, name, TCPA_PCR_HASH_NAME - 1);
tce->pcr = pcr;
+
+ if (digest_length > TCPA_DIGEST_MAX_LENGTH) {
+ printk(BIOS_WARNING, "ERROR: PCR digest too long for TCPA log entry\n");
+ return;
+ }
memcpy(tce->digest, digest, digest_length);
tce->digest_length = digest_length;
}
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index d3f4a1196e..c62f18b962 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -451,9 +451,6 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx)
if (result == TPM_E_MUST_REBOOT)
ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
- // TCPA cbmem log
- tcpa_log_init();
-
return result;
}