From nobody Fri Apr 26 14:13:00 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) client-ip=78.46.105.101; envelope-from=seabios-bounces@seabios.org; helo=coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org; dmarc=fail(p=none dis=none) header.from=linux.ibm.com Return-Path: Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com with SMTPS id 1548875185996255.00504989562444; Wed, 30 Jan 2019 11:06:25 -0800 (PST) Received: from [172.30.0.99] (mailu_mailman-core_1.mailu_default [172.30.0.99]) by coreboot.org (Postfix) with ESMTP id 42BF71120EDA; Wed, 30 Jan 2019 19:06:22 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by coreboot.org (Postfix) with ESMTP id EF7A71120ECD for ; Wed, 30 Jan 2019 19:06:18 +0000 (UTC) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0UJ108u013663 for ; Wed, 30 Jan 2019 14:06:17 -0500 Received: from e12.ny.us.ibm.com (e12.ny.us.ibm.com [129.33.205.202]) by mx0b-001b2d01.pphosted.com with ESMTP id 2qbfm4pqg3-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 30 Jan 2019 14:06:17 -0500 Received: from localhost by e12.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 30 Jan 2019 19:06:16 -0000 Received: from b01cxnp22036.gho.pok.ibm.com (9.57.198.26) by e12.ny.us.ibm.com (146.89.104.199) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 30 Jan 2019 19:06:15 -0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0UJ6EiL17367120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 30 Jan 2019 19:06:14 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 34612AC062; Wed, 30 Jan 2019 19:06:14 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 31997AC059; Wed, 30 Jan 2019 19:06:14 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 30 Jan 2019 19:06:14 +0000 (GMT) From: Stefan Berger To: seabios@seabios.org, kevin@koconnor.net Date: Wed, 30 Jan 2019 14:06:06 -0500 X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190130190607.3360267-1-stefanb@linux.ibm.com> References: <20190130190607.3360267-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19013019-0060-0000-0000-000003031213 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00010505; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000277; SDB=6.01154040; UDB=6.00601715; IPR=6.00934417; MB=3.00025357; MTD=3.00000008; XFM=3.00000015; UTC=2019-01-30 19:06:16 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19013019-0061-0000-0000-0000481E26B1 Message-Id: <20190130190607.3360267-2-stefanb@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-30_14:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901300143 Message-ID-Hash: EPLYIVXIGJCQ7E5PJ2W4OOU6TZTW67NK X-Message-ID-Hash: EPLYIVXIGJCQ7E5PJ2W4OOU6TZTW67NK X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation CC: Stefan Berger X-Mailman-Version: 3.2.0 Precedence: list Subject: [SeaBIOS] [PATCH v3 1/2] tcgbios: Use table to convert hash to buffer size List-Id: SeaBIOS mailing list Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: - Authentication-Results: coreboot.org Content-Type: text/plain; charset="utf-8" Use a table to convert the hash to the buffer size it needs. Signed-off-by: Stefan Berger --- src/tcgbios.c | 41 ++++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/src/tcgbios.c b/src/tcgbios.c index 24846d3..0eabc60 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -161,23 +161,38 @@ struct tpm_log_entry { + SHA512_BUFSIZE + SM3_256_BUFSIZE]; } PACKED; =20 +static const struct hash_parameters { + u16 hashalg; + u8 hash_buffersize; +} hash_parameters[] =3D { + { + .hashalg =3D TPM2_ALG_SHA1, + .hash_buffersize =3D SHA1_BUFSIZE, + }, { + .hashalg =3D TPM2_ALG_SHA256, + .hash_buffersize =3D SHA256_BUFSIZE, + }, { + .hashalg =3D TPM2_ALG_SHA384, + .hash_buffersize =3D SHA384_BUFSIZE, + }, { + .hashalg =3D TPM2_ALG_SHA512, + .hash_buffersize =3D SHA512_BUFSIZE, + }, { + .hashalg =3D TPM2_ALG_SM3_256, + .hash_buffersize =3D SM3_256_BUFSIZE, + } +}; + static int tpm20_get_hash_buffersize(u16 hashAlg) { - switch (hashAlg) { - case TPM2_ALG_SHA1: - return SHA1_BUFSIZE; - case TPM2_ALG_SHA256: - return SHA256_BUFSIZE; - case TPM2_ALG_SHA384: - return SHA384_BUFSIZE; - case TPM2_ALG_SHA512: - return SHA512_BUFSIZE; - case TPM2_ALG_SM3_256: - return SM3_256_BUFSIZE; - default: - return -1; + unsigned i; + + for (i =3D 0; i < ARRAY_SIZE(hash_parameters); i++) { + if (hash_parameters[i].hashalg =3D=3D hashAlg) + return hash_parameters[i].hash_buffersize; } + return -1; } =20 // Add an entry at the start of the log describing digest formats --=20 2.17.2 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org From nobody Fri Apr 26 14:13:00 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) client-ip=78.46.105.101; envelope-from=seabios-bounces@seabios.org; helo=coreboot.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 78.46.105.101 is neither permitted nor denied by domain of seabios.org) smtp.mailfrom=seabios-bounces@seabios.org; dmarc=fail(p=none dis=none) header.from=linux.ibm.com Return-Path: Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com with SMTPS id 1548875188342516.0578332571474; Wed, 30 Jan 2019 11:06:28 -0800 (PST) Received: from [172.30.0.99] (mailu_mailman-core_1.mailu_default [172.30.0.99]) by coreboot.org (Postfix) with ESMTP id C50061120EE9; Wed, 30 Jan 2019 19:06:24 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by coreboot.org (Postfix) with ESMTP id 61B221120EDA for ; Wed, 30 Jan 2019 19:06:21 +0000 (UTC) Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x0UJ1daD120669 for ; Wed, 30 Jan 2019 14:06:19 -0500 Received: from e14.ny.us.ibm.com (e14.ny.us.ibm.com [129.33.205.204]) by mx0a-001b2d01.pphosted.com with ESMTP id 2qbf4hrfae-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 30 Jan 2019 14:06:19 -0500 Received: from localhost by e14.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 30 Jan 2019 19:06:18 -0000 Received: from b01cxnp23032.gho.pok.ibm.com (9.57.198.27) by e14.ny.us.ibm.com (146.89.104.201) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 30 Jan 2019 19:06:16 -0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x0UJ6FxO5701696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 30 Jan 2019 19:06:15 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 56A39AC060; Wed, 30 Jan 2019 19:06:15 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3EE73AC059; Wed, 30 Jan 2019 19:06:15 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 30 Jan 2019 19:06:15 +0000 (GMT) From: Stefan Berger To: seabios@seabios.org, kevin@koconnor.net Date: Wed, 30 Jan 2019 14:06:07 -0500 X-Mailer: git-send-email 2.17.2 In-Reply-To: <20190130190607.3360267-1-stefanb@linux.ibm.com> References: <20190130190607.3360267-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 19013019-0052-0000-0000-00000380A2D2 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00010505; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000277; SDB=6.01154040; UDB=6.00601715; IPR=6.00934417; MB=3.00025357; MTD=3.00000008; XFM=3.00000015; UTC=2019-01-30 19:06:18 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19013019-0053-0000-0000-00005FA89789 Message-Id: <20190130190607.3360267-3-stefanb@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-01-30_14:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901300143 Message-ID-Hash: IKYPF5QFC7IJCWZKWJ7XGIPJX7O3TDRL X-Message-ID-Hash: IKYPF5QFC7IJCWZKWJ7XGIPJX7O3TDRL X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation CC: Stefan Berger X-Mailman-Version: 3.2.0 Precedence: list Subject: [SeaBIOS] [PATCH v3 2/2] tcgbios: Implement TPM 2.0 menu item to activate and deactivate PCR banks List-Id: SeaBIOS mailing list Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / Authentication-Results: coreboot.org Content-Type: text/plain; charset="utf-8" Implement a TPM 2.0 menu item that allows a user to toggle the activation of PCR banks of the TPM 2.0. After successful activation we shut down the TPM 2.0 and reset the machine. Background: A TPM 2.0 may have multiple PCR banks, such as for SHA1, SHA256, SHA384, SHA512, and SM3-256. One or multiple of those banks may be active (by factory for example) and modifying the set of active PCR banks is only possible while in the firmware since it requires platform authorization. Platform authorization is not possible for a user when in the OS since the firmware generates a random password for the platform authorization before booting the system and it throws that password away. Signed-off-by: Stefan Berger --- src/std/tcg.h | 17 ++++ src/tcgbios.c | 223 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 240 insertions(+) diff --git a/src/std/tcg.h b/src/std/tcg.h index 09a92d8..1cc1c92 100644 --- a/src/std/tcg.h +++ b/src/std/tcg.h @@ -336,6 +336,12 @@ struct tpm_res_sha1complete { #define TPM2_ALG_SHA512 0x000d #define TPM2_ALG_SM3_256 0x0012 =20 +#define TPM2_ALG_SHA1_FLAG (1 << 0) +#define TPM2_ALG_SHA256_FLAG (1 << 1) +#define TPM2_ALG_SHA384_FLAG (1 << 2) +#define TPM2_ALG_SHA512_FLAG (1 << 3) +#define TPM2_ALG_SM3_256_FLAG (1 << 4) + /* TPM 2 command tags */ #define TPM2_ST_NO_SESSIONS 0x8001 #define TPM2_ST_SESSIONS 0x8002 @@ -345,8 +351,10 @@ struct tpm_res_sha1complete { #define TPM2_CC_Clear 0x126 #define TPM2_CC_ClearControl 0x127 #define TPM2_CC_HierarchyChangeAuth 0x129 +#define TPM2_CC_PCR_Allocate 0x12b #define TPM2_CC_SelfTest 0x143 #define TPM2_CC_Startup 0x144 +#define TPM2_CC_Shutdown 0x145 #define TPM2_CC_StirRandom 0x146 #define TPM2_CC_GetCapability 0x17a #define TPM2_CC_GetRandom 0x17b @@ -442,6 +450,15 @@ struct tpm2_res_getcapability { u8 data[0]; /* capability dependent data */ } PACKED; =20 +struct tpm2_req_pcr_allocate { + struct tpm_req_header hdr; + u32 authhandle; + u32 authblocksize; + struct tpm2_authblock authblock; + u32 count; + u8 tpms_pcr_selections[4]; +} PACKED; + struct tpms_pcr_selection { u16 hashAlg; u8 sizeOfSelect; diff --git a/src/tcgbios.c b/src/tcgbios.c index 0eabc60..2e503f9 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -163,23 +163,35 @@ struct tpm_log_entry { =20 static const struct hash_parameters { u16 hashalg; + u8 hashalg_flag; u8 hash_buffersize; + const char *name; } hash_parameters[] =3D { { .hashalg =3D TPM2_ALG_SHA1, + .hashalg_flag =3D TPM2_ALG_SHA1_FLAG, .hash_buffersize =3D SHA1_BUFSIZE, + .name =3D "SHA1", }, { .hashalg =3D TPM2_ALG_SHA256, + .hashalg_flag =3D TPM2_ALG_SHA256_FLAG, .hash_buffersize =3D SHA256_BUFSIZE, + .name =3D "SHA256", }, { .hashalg =3D TPM2_ALG_SHA384, + .hashalg_flag =3D TPM2_ALG_SHA384_FLAG, .hash_buffersize =3D SHA384_BUFSIZE, + .name =3D "SHA384", }, { .hashalg =3D TPM2_ALG_SHA512, + .hashalg_flag =3D TPM2_ALG_SHA512_FLAG, .hash_buffersize =3D SHA512_BUFSIZE, + .name =3D "SHA512", }, { .hashalg =3D TPM2_ALG_SM3_256, + .hashalg_flag =3D TPM2_ALG_SM3_256_FLAG, .hash_buffersize =3D SM3_256_BUFSIZE, + .name =3D "SM3-256", } }; =20 @@ -195,6 +207,42 @@ tpm20_get_hash_buffersize(u16 hashAlg) return -1; } =20 +static u8 +tpm20_hashalg_to_flag(u16 hashAlg) +{ + unsigned i; + + for (i =3D 0; i < ARRAY_SIZE(hash_parameters); i++) { + if (hash_parameters[i].hashalg =3D=3D hashAlg) + return hash_parameters[i].hashalg_flag; + } + return 0; +} + +static u16 +tpm20_hashalg_flag_to_hashalg(u8 hashalg_flag) +{ + unsigned i; + + for (i =3D 0; i < ARRAY_SIZE(hash_parameters); i++) { + if (hash_parameters[i].hashalg_flag =3D=3D hashalg_flag) + return hash_parameters[i].hashalg; + } + return 0; +} + +static const char * +tpm20_hashalg_flag_to_name(u8 hashalg_flag) +{ + unsigned i; + + for (i =3D 0; i < ARRAY_SIZE(hash_parameters); i++) { + if (hash_parameters[i].hashalg_flag =3D=3D hashalg_flag) + return hash_parameters[i].name; + } + return NULL; +} + // Add an entry at the start of the log describing digest formats static int tpm20_write_EfiSpecIdEventStruct(void) @@ -447,6 +495,115 @@ tpm20_get_pcrbanks(void) return ret; } =20 +static int +tpm20_get_suppt_pcrbanks(u8 *suppt_pcrbanks, u8 *active_pcrbanks) +{ + *suppt_pcrbanks =3D 0; + *active_pcrbanks =3D 0; + + if (!tpm20_pcr_selection) + return -1; + + struct tpms_pcr_selection *sel =3D tpm20_pcr_selection->selections; + void *end =3D (void*)tpm20_pcr_selection + tpm20_pcr_selection_size; + + while (1) { + u8 sizeOfSelect =3D sel->sizeOfSelect; + void *nsel =3D (void*)sel + sizeof(*sel) + sizeOfSelect; + if (nsel > end) + return 0; + + u16 hashalg =3D be16_to_cpu(sel->hashAlg); + u8 hashalg_flag =3D tpm20_hashalg_to_flag(hashalg); + + *suppt_pcrbanks |=3D hashalg_flag; + + unsigned i; + for (i =3D 0; i < sizeOfSelect; i++) { + if (sel->pcrSelect[i]) { + *active_pcrbanks |=3D hashalg_flag; + break; + } + } + + sel =3D nsel; + } +} + +static int +tpm20_set_pcrbanks(u32 active_banks) +{ + struct tpm2_req_pcr_allocate trpa =3D { + .hdr.tag =3D cpu_to_be16(TPM2_ST_SESSIONS), + .hdr.ordinal =3D cpu_to_be32(TPM2_CC_PCR_Allocate), + .authhandle =3D cpu_to_be32(TPM2_RH_PLATFORM), + .authblocksize =3D cpu_to_be32(sizeof(trpa.authblock)), + .authblock =3D { + .handle =3D cpu_to_be32(TPM2_RS_PW), + .noncesize =3D cpu_to_be16(0), + .contsession =3D TPM2_YES, + .pwdsize =3D cpu_to_be16(0), + }, + }; + struct tpms_pcr_selection3 { + u16 hashAlg; + u8 sizeOfSelect; + u8 pcrSelect[3]; + } tps[ARRAY_SIZE(trpa.tpms_pcr_selections)]; + int i =3D 0; + u8 hashalg_flag =3D TPM2_ALG_SHA1_FLAG; + u8 dontcare, suppt_banks; + + tpm20_get_suppt_pcrbanks(&suppt_banks, &dontcare); + + while (hashalg_flag) { + if ((hashalg_flag & suppt_banks)) { + u16 hashalg =3D tpm20_hashalg_flag_to_hashalg(hashalg_flag); + + if (hashalg) { + u8 mask =3D 0; + tps[i].hashAlg =3D cpu_to_be16(hashalg); + tps[i].sizeOfSelect =3D 3; + + if (active_banks & hashalg_flag) + mask =3D 0xff; + + tps[i].pcrSelect[0] =3D mask; + tps[i].pcrSelect[1] =3D mask; + tps[i].pcrSelect[2] =3D mask; + i++; + } + } + hashalg_flag <<=3D 1; + } + + trpa.count =3D cpu_to_be32(i); + memcpy(trpa.tpms_pcr_selections, tps, i * sizeof(tps[0])); + trpa.hdr.totlen =3D cpu_to_be32(offsetof(struct tpm2_req_pcr_allocate, + tpms_pcr_selections) + + i * sizeof(tps[0])); + + struct tpm_rsp_header rsp; + u32 resp_length =3D sizeof(rsp); + + int ret =3D tpmhw_transmit(0, &trpa.hdr, &rsp, &resp_length, + TPM_DURATION_TYPE_SHORT); + ret =3D ret ? -1 : be32_to_cpu(rsp.errcode); + + return ret; +} + +static int tpm20_activate_pcrbanks(u32 active_banks) +{ + int ret =3D tpm20_set_pcrbanks(active_banks); + if (!ret) + ret =3D tpm_simple_cmd(0, TPM2_CC_Shutdown, + 2, TPM2_SU_CLEAR, TPM_DURATION_TYPE_SHORT); + if (!ret) + reset(); + return ret; +} + static int tpm12_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 = rsize) { @@ -1962,6 +2119,68 @@ tpm12_menu(void) } } =20 +static int +tpm20_menu_change_active_pcrbanks(void) +{ + u8 active_banks, suppt_banks; + + tpm20_get_suppt_pcrbanks(&suppt_banks, &active_banks); + + u8 activate_banks =3D active_banks; + + while (1) { + u8 hashalg_flag =3D TPM2_ALG_SHA1_FLAG; + u8 i =3D 0; + + printf("\nToggle active PCR banks by pressing number key\n\n"); + + while (hashalg_flag) { + u8 flag =3D hashalg_flag & suppt_banks; + const char *hashname =3D tpm20_hashalg_flag_to_name(flag); + + i++; + if (hashname) { + printf(" %d: %s", i, hashname); + if (activate_banks & hashalg_flag) + printf(" (enabled)"); + printf("\n"); + } + + hashalg_flag <<=3D 1; + } + printf("\n" + "ESC: return to previous menu without changes\n"); + if (activate_banks) + printf("A : activate selection\n"); + + u8 flagnum; + int show =3D 0; + while (!show) { + int scancode =3D get_keystroke(1000); + + switch (scancode) { + case ~0: + continue; + case 1: /* ESC */ + printf("\n"); + return -1; + case 2 ... 6: /* keys 1 .. 5 */ + flagnum =3D scancode - 1; + if (flagnum > i) + continue; + if (suppt_banks & (1 << (flagnum - 1))) { + activate_banks ^=3D 1 << (flagnum - 1); + show =3D 1; + } + break; + case 30: /* a */ + if (activate_banks) + tpm20_activate_pcrbanks(activate_banks); + } + } + } +} + static void tpm20_menu(void) { @@ -1970,6 +2189,7 @@ tpm20_menu(void) =20 for (;;) { printf("1. Clear TPM\n"); + printf("2. Change active PCR banks\n"); =20 printf("\nIf no change is desired or if this menu was reached by " "mistake, press ESC to\n" @@ -1988,6 +2208,9 @@ tpm20_menu(void) case 2: msgCode =3D TPM_PPI_OP_CLEAR; break; + case 3: + tpm20_menu_change_active_pcrbanks(); + continue; default: continue; } --=20 2.17.2 _______________________________________________ SeaBIOS mailing list -- seabios@seabios.org To unsubscribe send an email to seabios-leave@seabios.org