From nobody Sat Feb  7 06:21:24 2026
Delivered-To: importer@patchew.org
Received-SPF: none (zohomail.com: 78.46.105.101 is neither permitted nor
 denied by domain of seabios.org) client-ip=78.46.105.101;
 envelope-from=seabios-bounces@seabios.org; helo=coreboot.org;
Authentication-Results: mx.zohomail.com;
	spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by
 domain of seabios.org)  smtp.mailfrom=seabios-bounces@seabios.org
ARC-Seal: i=1; a=rsa-sha256; t=1585368131; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ECB320V8tlYE9Tu+mOVauISyznXbgsp7QIAOD01m5FAFLbnQIllTh4CGJJB2+6SnPyDAPGK8BN1g/xiOJSMnFNSJnPmkMxeukc0eGC8e7jvtTnLLtDAIctJJfE84GV/L+cxOIlfr4yhH3dA8rNsnlMr+Zpq7F0HXYXAwgCghv74=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1585368131;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Subject:To;
	bh=dMGKsyxutfI5/SiomyzERrKRIg1KY+hxUbZ8piGyvSw=;
	b=GntpfuLLqB23DGJEShF4LRe5152BIFh4lLvh+DqznTv9vSKYzeEJuyaqtSEWM4HxVrql7TFOEU9tM1tzLqfb4UWQCY6bXswJ29kSYZxluMZI4riBVPjVRzZmOY205DQg/dNNKPZ9qMnJ0I87VgXqpNpHfV9RzcktXbEoFoIxZwE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by
 domain of seabios.org)  smtp.mailfrom=seabios-bounces@seabios.org
Return-Path: <seabios-bounces@seabios.org>
Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com
	with SMTPS id 1585368131923319.39857312652293;
 Fri, 27 Mar 2020 21:02:11 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by coreboot.org (Postfix) with ESMTPA id 530EAB01A2F;
	Sat, 28 Mar 2020 04:02:07 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by coreboot.org (Postfix) with ESMTP id 0C6B8B00165
	for <seabios@seabios.org>; Sat, 28 Mar 2020 04:01:49 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 02S349jj188517;
	Fri, 27 Mar 2020 23:27:36 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by mx0a-001b2d01.pphosted.com with ESMTP id 2ywdra8db6-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Fri, 27 Mar 2020 23:27:36 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by ppma01dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 02S3RNdx017528;
	Sat, 28 Mar 2020 03:27:35 GMT
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by ppma01dal.us.ibm.com with ESMTP id 301x768720-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Sat, 28 Mar 2020 03:27:35 +0000
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 02S3RZ3A15532984
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Sat, 28 Mar 2020 03:27:35 GMT
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by IMSVA (Postfix) with ESMTP id E75BCB2064;
	Sat, 28 Mar 2020 03:27:34 +0000 (GMT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by IMSVA (Postfix) with ESMTP id D970DB2067;
	Sat, 28 Mar 2020 03:27:34 +0000 (GMT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP;
	Sat, 28 Mar 2020 03:27:34 +0000 (GMT)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: seabios@seabios.org, kevin@koconnor.net
Date: Fri, 27 Mar 2020 23:27:31 -0400
Message-Id: <20200328032733.841258-2-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20200328032733.841258-1-stefanb@linux.vnet.ibm.com>
References: <20200328032733.841258-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.645
 definitions=2020-03-27_09:2020-03-27,2020-03-27 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 malwarescore=0 bulkscore=0
 adultscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0
 priorityscore=1501 clxscore=1011 suspectscore=0 mlxlogscore=999 mlxscore=0
 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2003020000 definitions=main-2003280023
X-Spam-Level: ****
Message-ID-Hash: CILM5LTY23D63LYBQIVVQK2NDERB7DU2
X-Message-ID-Hash: CILM5LTY23D63LYBQIVVQK2NDERB7DU2
X-MailFrom: stefanb@linux.vnet.ibm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-seabios.seabios.org-0;
 header-match-seabios.seabios.org-1; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
CC: Stefan Berger <stefanb@linux.ibm.com>
X-Mailman-Version: 3.3.1
Precedence: list
Subject: [SeaBIOS] [PATCH 1/3] tcgbios: Only write logs for PCRs that are in
 active PCR banks
List-Id: SeaBIOS mailing list <seabios.seabios.org>
Archived-At: 
 <https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/message/CILM5LTY23D63LYBQIVVQK2NDERB7DU2/>
List-Archive: <https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/>
List-Help: <mailto:seabios-request@seabios.org?subject=help>
List-Post: <mailto:seabios@seabios.org>
List-Subscribe: <mailto:seabios-join@seabios.org>
List-Unsubscribe: <mailto:seabios-leave@seabios.org>
Content-Transfer-Encoding: quoted-printable
Authentication-Results: coreboot.org;
	auth=pass smtp.auth=mailman@coreboot.org
 smtp.mailfrom=seabios-bounces@seabios.org
X-Spamd-Bar: /
Content-Type: text/plain; charset="utf-8"

Only write the logs for those PCRs that are in active PCR banks.
A PCR banks is assumed to be active if any of the BIOS relevant
PCRs 0 -  7 is enabled, thus pcrSelect[0] !=3D 0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
---
 src/tcgbios.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index 95c1e94..997da87 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
     struct tpms_pcr_selection *sel =3D tpm20_pcr_selection->selections;
     void *nsel, *end =3D (void*)tpm20_pcr_selection + tpm20_pcr_selection_=
size;
=20
-    u32 count;
+    u32 count, numAlgs =3D 0;
     for (count =3D 0; count < be32_to_cpu(tpm20_pcr_selection->count); cou=
nt++) {
         u8 sizeOfSelect =3D sel->sizeOfSelect;
=20
@@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void)
         if (nsel > end)
             break;
=20
+        if (sel->pcrSelect[0] =3D=3D 0) {
+            sel =3D nsel;
+            continue;
+        }
+
         int hsize =3D tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
             return -1;
         }
=20
-        event.hdr.digestSizes[count].algorithmId =3D be16_to_cpu(sel->hash=
Alg);
-        event.hdr.digestSizes[count].digestSize =3D hsize;
+        event.hdr.digestSizes[numAlgs].algorithmId =3D be16_to_cpu(sel->ha=
shAlg);
+        event.hdr.digestSizes[numAlgs].digestSize =3D hsize;
+        numAlgs++;
=20
         sel =3D nsel;
     }
@@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
         return -1;
     }
=20
-    event.hdr.numberOfAlgorithms =3D count;
+    event.hdr.numberOfAlgorithms =3D numAlgs;
     int event_size =3D offsetof(struct TCG_EfiSpecIdEventStruct
-                              , digestSizes[count]);
+                              , digestSizes[numAlgs]);
     u32 *vendorInfoSize =3D (void*)&event + event_size;
     *vendorInfoSize =3D 0;
     event_size +=3D sizeof(*vendorInfoSize);
@@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
     void *nsel, *end =3D (void*)tpm20_pcr_selection + tpm20_pcr_selection_=
size;
     void *dest =3D le->hdr.digest + sizeof(struct tpm2_digest_values);
=20
-    u32 count;
+    u32 count, numAlgs =3D 0;
     for (count =3D 0; count < be32_to_cpu(tpm20_pcr_selection->count); cou=
nt++) {
         u8 sizeOfSelect =3D sel->sizeOfSelect;
=20
@@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 =
*sha1, int bigEndian)
         if (nsel > end)
             break;
=20
+        /* PCR 0-7 unused? -- skip */
+        if (sel->pcrSelect[0] =3D=3D 0) {
+            sel =3D nsel;
+            continue;
+        }
+
         int hsize =3D tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
=20
         dest +=3D sizeof(*v) + hsize;
         sel =3D nsel;
+
+        numAlgs++;
     }
=20
     if (sel !=3D end) {
@@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
=20
     struct tpm2_digest_values *v =3D (void*)le->hdr.digest;
     if (bigEndian)
-        v->count =3D cpu_to_be32(count);
+        v->count =3D cpu_to_be32(numAlgs);
     else
-        v->count =3D count;
+        v->count =3D numAlgs;
=20
     return dest - (void*)le->hdr.digest;
 }
--=20
2.24.1
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org