From f501128536ca158d4a12a9afe6ea24e6ceb6506c Mon Sep 17 00:00:00 2001 From: Jeremy Soller Date: Wed, 21 Jun 2023 10:14:52 -0600 Subject: security/tpm: Respect CBMEM TPM log size The preram TPM log was being copied to the end of the CBMEM TPM log no matter what the size of the CBMEM TPM log was. Eventually, it would overwrite anything else in CBMEM beyond the TPM log. This can currently be reproduced by enabling TPM_MEASURED_BOOT and performing multiple S3 suspends, as coreboot is incorrectly performing TPM measurements on S3 resume. Change-Id: If76299e68eb5ed2ed20c947be35cea46c51fcdec Signed-off-by: Jeremy Soller Signed-off-by: Tim Crawford Reviewed-on: https://review.coreboot.org/c/coreboot/+/73297 Reviewed-by: Martin L Roth Tested-by: build bot (Jenkins) --- src/security/tpm/tspi/log-tpm2.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/security/tpm/tspi/log-tpm2.c') diff --git a/src/security/tpm/tspi/log-tpm2.c b/src/security/tpm/tspi/log-tpm2.c index 897ccedbff..c7bbc9e42b 100644 --- a/src/security/tpm/tspi/log-tpm2.c +++ b/src/security/tpm/tspi/log-tpm2.c @@ -213,6 +213,11 @@ void tpm2_log_copy_entries(const void *from, void *to) int i; for (i = 0; i < le16toh(from_log->vendor.num_entries); i++) { + if (le16toh(to_log->vendor.num_entries) >= le16toh(to_log->vendor.max_entries)) { + printk(BIOS_WARNING, "TPM LOG: log table is full\n"); + return; + } + struct tpm_2_log_entry *tce = &to_log->entries[le16toh(to_log->vendor.num_entries)]; to_log->vendor.num_entries = htole16(le16toh(to_log->vendor.num_entries) + 1); -- cgit v1.2.3