-rw-r--r-- | src/security/tpm/Kconfig | 2 | ||||
-rw-r--r-- | src/security/tpm/tspi/crtm.c | 9 |
2 files changed, 6 insertions, 5 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 6741614bb0..b6a7781d9a 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -112,6 +112,6 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
 depends on TPM_MEASURED_BOOT
 help
 Runtime data whitelist of cbfs filenames. Needs to be a
- comma separated list
+ space delimited list
 endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 8bcc01bcbb..49daeb009b 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -88,17 +88,18 @@ static bool is_runtime_data(const char *name)
 const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
 size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
 size_t name_len = strlen(name);
- int i;
+ const char *end;
 if (!whitelist_len || !name_len)
 return false;
- for (i = 0; (i + name_len) <= whitelist_len; i++) {
- if (!strcmp(whitelist + i, name))
+ while ((end = strchr(whitelist, ' '))) {
+ if (end - whitelist == name_len && !strncmp(whitelist, name, name_len))
 return true;
+ whitelist = end + 1;
 }
- return false;
+ return !strcmp(whitelist, name);
 }
 uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name) |
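Review bot: In the new `while` loop of is_runtime_data, only a single `' '` separates entries, so a CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA value still written in the old comma-separated form becomes one token that matches no file name, and the function returns false for every file without any diagnostic. This result presumably decides how tspi_measure_cbfs_hook classifies a CBFS file for measurement (its body is outside the hunk), so a stale value would change measurements silently instead of failing the build. I would state the format in a comment above the loop, e.g. `/* Entries are separated by one ' '; names must match exactly, commas are not separators. */`, and say in the Kconfig help that existing comma-separated values must be converted. Separately, `end - whitelist == name_len` compares a ptrdiff_t with a size_t; `(size_t)(end - whitelist) == name_len` avoids the sign-compare warning. The function's signature and opening brace are outside the hunk.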