Only write the logs for those PCRs that are in active PCR banks.
A PCR banks is assumed to be active if any of the BIOS relevant
PCRs 0 -  7 is enabled, thus pcrSelect[0] != 0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/tcgbios.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index 95c1e94..997da87 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
     struct tpms_pcr_selection *sel = tpm20_pcr_selection->selections;
     void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
 
-    u32 count;
+    u32 count, numAlgs = 0;
     for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
         u8 sizeOfSelect = sel->sizeOfSelect;
 
@@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void)
         if (nsel > end)
             break;
 
+        if (sel->pcrSelect[0] == 0) {
+            sel = nsel;
+            continue;
+        }
+
         int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
             return -1;
         }
 
-        event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg);
-        event.hdr.digestSizes[count].digestSize = hsize;
+        event.hdr.digestSizes[numAlgs].algorithmId = be16_to_cpu(sel->hashAlg);
+        event.hdr.digestSizes[numAlgs].digestSize = hsize;
+        numAlgs++;
 
         sel = nsel;
     }
@@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
         return -1;
     }
 
-    event.hdr.numberOfAlgorithms = count;
+    event.hdr.numberOfAlgorithms = numAlgs;
     int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
-                              , digestSizes[count]);
+                              , digestSizes[numAlgs]);
     u32 *vendorInfoSize = (void*)&event + event_size;
     *vendorInfoSize = 0;
     event_size += sizeof(*vendorInfoSize);
@@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
     void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
     void *dest = le->hdr.digest + sizeof(struct tpm2_digest_values);
 
-    u32 count;
+    u32 count, numAlgs = 0;
     for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
         u8 sizeOfSelect = sel->sizeOfSelect;
 
@@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
         if (nsel > end)
             break;
 
+        /* PCR 0-7 unused? -- skip */
+        if (sel->pcrSelect[0] == 0) {
+            sel = nsel;
+            continue;
+        }
+
         int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 
         dest += sizeof(*v) + hsize;
         sel = nsel;
+
+        numAlgs++;
     }
 
     if (sel != end) {
@@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
 
     struct tpm2_digest_values *v = (void*)le->hdr.digest;
     if (bigEndian)
-        v->count = cpu_to_be32(count);
+        v->count = cpu_to_be32(numAlgs);
     else
-        v->count = count;
+        v->count = numAlgs;
 
     return dest - (void*)le->hdr.digest;
 }
-- 
2.24.1
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org

On Sat, Mar 28, 2020 at 5:02 AM Stefan Berger
<stefanb@linux.vnet.ibm.com> wrote:
>
> Only write the logs for those PCRs that are in active PCR banks.
> A PCR banks is assumed to be active if any of the BIOS relevant
> PCRs 0 -  7 is enabled, thus pcrSelect[0] != 0.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  src/tcgbios.c | 30 ++++++++++++++++++++++--------
>  1 file changed, 22 insertions(+), 8 deletions(-)
>
> diff --git a/src/tcgbios.c b/src/tcgbios.c
> index 95c1e94..997da87 100644
> --- a/src/tcgbios.c
> +++ b/src/tcgbios.c
> @@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
>      struct tpms_pcr_selection *sel = tpm20_pcr_selection->selections;
>      void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
>
> -    u32 count;
> +    u32 count, numAlgs = 0;
>      for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
>          u8 sizeOfSelect = sel->sizeOfSelect;
>
> @@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void)
>          if (nsel > end)
>              break;
>
> +        if (sel->pcrSelect[0] == 0) {
> +            sel = nsel;
> +            continue;
> +        }
> +
>          int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
>          if (hsize < 0) {
>              dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
> @@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
>              return -1;
>          }
>
> -        event.hdr.digestSizes[count].algorithmId = be16_to_cpu(sel->hashAlg);
> -        event.hdr.digestSizes[count].digestSize = hsize;
> +        event.hdr.digestSizes[numAlgs].algorithmId = be16_to_cpu(sel->hashAlg);
> +        event.hdr.digestSizes[numAlgs].digestSize = hsize;
> +        numAlgs++;
>
>          sel = nsel;
>      }
> @@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
>          return -1;
>      }
>
> -    event.hdr.numberOfAlgorithms = count;
> +    event.hdr.numberOfAlgorithms = numAlgs;
>      int event_size = offsetof(struct TCG_EfiSpecIdEventStruct
> -                              , digestSizes[count]);
> +                              , digestSizes[numAlgs]);
>      u32 *vendorInfoSize = (void*)&event + event_size;
>      *vendorInfoSize = 0;
>      event_size += sizeof(*vendorInfoSize);
> @@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
>      void *nsel, *end = (void*)tpm20_pcr_selection + tpm20_pcr_selection_size;
>      void *dest = le->hdr.digest + sizeof(struct tpm2_digest_values);
>
> -    u32 count;
> +    u32 count, numAlgs = 0;
>      for (count = 0; count < be32_to_cpu(tpm20_pcr_selection->count); count++) {
>          u8 sizeOfSelect = sel->sizeOfSelect;
>
> @@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
>          if (nsel > end)
>              break;
>
> +        /* PCR 0-7 unused? -- skip */
> +        if (sel->pcrSelect[0] == 0) {
> +            sel = nsel;
> +            continue;
> +        }
> +
>          int hsize = tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
>          if (hsize < 0) {
>              dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
> @@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
>
>          dest += sizeof(*v) + hsize;
>          sel = nsel;
> +
> +        numAlgs++;
>      }
>
>      if (sel != end) {
> @@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *sha1, int bigEndian)
>
>      struct tpm2_digest_values *v = (void*)le->hdr.digest;
>      if (bigEndian)
> -        v->count = cpu_to_be32(count);
> +        v->count = cpu_to_be32(numAlgs);
>      else
> -        v->count = count;
> +        v->count = numAlgs;
>
>      return dest - (void*)le->hdr.digest;
>  }
> --
> 2.24.1
> _______________________________________________
> SeaBIOS mailing list -- seabios@seabios.org
> To unsubscribe send an email to seabios-leave@seabios.org
>
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org