diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/tpm_common.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index 783392c76d..7fb2a9d3c5 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -31,15 +31,30 @@ vb2_error_t vboot_extend_pcr(struct vb2_context *ctx, int pcr, if (size < TPM_PCR_MINIMUM_DIGEST_SIZE) return VB2_ERROR_UNKNOWN; + /* + * On TPM 1.2, all PCRs are intended for use with SHA1. We truncate our + * SHA256 HWID hash to 20 bytes to make it fit. On TPM 2.0, we always + * want to use the SHA256 banks, even for the boot mode which is + * technically a SHA1 value for historical reasons. vboot has already + * zero-extended the buffer to 32 bytes for us, so we just take it like + * that and pretend it's a SHA256. In practice, this means we never care + * about the (*size) value returned from vboot (which indicates how many + * significant bytes vboot wrote, although it always extends zeroes up + * to the end of the buffer), we always use a hardcoded size instead. + */ + _Static_assert(sizeof(buffer) >= VB2_SHA256_DIGEST_SIZE, + "Buffer needs to be able to fit at least a SHA256"); + enum vb2_hash_algorithm algo = CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256; + switch (which_digest) { /* SHA1 of (devmode|recmode|keyblock) bits */ case BOOT_MODE_PCR: - return tpm_extend_pcr(pcr, VB2_HASH_SHA256, buffer, size, + return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo), TPM_PCR_BOOT_MODE); /* SHA256 of HWID */ case HWID_DIGEST_PCR: - return tpm_extend_pcr(pcr, VB2_HASH_SHA256, buffer, - size, TPM_PCR_GBB_HWID_NAME); + return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo), + TPM_PCR_GBB_HWID_NAME); default: return VB2_ERROR_UNKNOWN; } |