From nobody Mon Feb  9 10:28:11 2026
Delivered-To: importer@patchew.org
Received-SPF: none (zohomail.com: 78.46.105.101 is neither permitted nor
 denied by domain of seabios.org) client-ip=78.46.105.101;
 envelope-from=seabios-bounces@seabios.org; helo=coreboot.org;
Authentication-Results: mx.zohomail.com;
	spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by
 domain of seabios.org)  smtp.mailfrom=seabios-bounces@seabios.org
ARC-Seal: i=1; a=rsa-sha256; t=1585569878; cv=none;
	d=zohomail.com; s=zohoarc;
	b=CjuPBSlHR/zj9S7ecNAXEaAvY83KoLngP7SKJ1HjkdQtZglJg8vb/VMA9qIIZcWHIZ0vv7rIHy4sg114g95J8CjL2ISck6ivIqz+IU9R+o7vkEN/J2yBZsEBfreAY43mIl3av/JWpVOuCAWzNrH6aCXePP7+Ysny67mcVH5l3YY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1585569878;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Subject:To;
	bh=ILse3pQB04FYNMEWWkhVR4g57+V/5zbx7u6ZzBoIdBQ=;
	b=CL166zwxrl1WkhITVF8LvLeY9kSYAwIW4YA8pm6PHBTz0FNIyujQbci6I5OSvVd0qXP3/jF2BdTsN8QdMxXY/1uNPQTLwanXb+orvQrwKPQ9SjnbF09wI6AI3bXMdVHBsuY07Lfyb4a16A/NrrHXePjbZ+fPtmf0/5UWY7OXiWc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	spf=none (zohomail.com: 78.46.105.101 is neither permitted nor denied by
 domain of seabios.org)  smtp.mailfrom=seabios-bounces@seabios.org
Return-Path: <seabios-bounces@seabios.org>
Received: from coreboot.org (coreboot.org [78.46.105.101]) by mx.zohomail.com
	with SMTPS id 1585569878104690.6312714673319;
 Mon, 30 Mar 2020 05:04:38 -0700 (PDT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by coreboot.org (Postfix) with ESMTPA id 8E6B3B01A89;
	Mon, 30 Mar 2020 12:04:33 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by coreboot.org (Postfix) with ESMTP id ECFCAB01A88
	for <seabios@seabios.org>; Mon, 30 Mar 2020 12:04:19 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 02UBWda2066184;
	Mon, 30 Mar 2020 07:56:04 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3021vtgqye-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 30 Mar 2020 07:56:04 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 02UBZ32Z073611;
	Mon, 30 Mar 2020 07:56:03 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3021vtgqy2-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 30 Mar 2020 07:56:03 -0400
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by ppma04dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 02UBtB0K010052;
	Mon, 30 Mar 2020 11:56:02 GMT
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by ppma04dal.us.ibm.com with ESMTP id 301x764fd9-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 30 Mar 2020 11:56:02 +0000
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 02UBu1wW28180864
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 30 Mar 2020 11:56:01 GMT
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by IMSVA (Postfix) with ESMTP id 826266A04D;
	Mon, 30 Mar 2020 11:56:01 +0000 (GMT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by IMSVA (Postfix) with ESMTP id 08F326A04F;
	Mon, 30 Mar 2020 11:56:00 +0000 (GMT)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP;
	Mon, 30 Mar 2020 11:56:00 +0000 (GMT)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: seabios@seabios.org, kevin@koconnor.net
Date: Mon, 30 Mar 2020 07:55:55 -0400
Message-Id: <20200330115557.865734-2-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20200330115557.865734-1-stefanb@linux.vnet.ibm.com>
References: <20200330115557.865734-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.645
 definitions=2020-03-30_01:2020-03-27,2020-03-30 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 lowpriorityscore=0
 priorityscore=1501 mlxlogscore=999 mlxscore=0 suspectscore=0 spamscore=0
 malwarescore=0 adultscore=0 clxscore=1015 impostorscore=0 bulkscore=0
 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2003020000 definitions=main-2003300106
X-MIME-Autoconverted: from 8bit to quoted-printable by
 mx0a-001b2d01.pphosted.com id 02UBWda2066184
Message-ID-Hash: DKOXO4AAABAXEIF5J7ZYJFK3AJ6HVIDD
X-Message-ID-Hash: DKOXO4AAABAXEIF5J7ZYJFK3AJ6HVIDD
X-MailFrom: stefanb@linux.vnet.ibm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-seabios.seabios.org-0;
 header-match-seabios.seabios.org-1; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
CC: Stefan Berger <stefanb@linux.ibm.com>
X-Mailman-Version: 3.3.1
Precedence: list
Subject: [SeaBIOS] [PATCH v2 1/3] tcgbios: Only write logs for PCRs that are
 in active PCR banks
List-Id: SeaBIOS mailing list <seabios.seabios.org>
Archived-At: 
 <https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/message/DKOXO4AAABAXEIF5J7ZYJFK3AJ6HVIDD/>
List-Archive: <https://mail.coreboot.org/hyperkitty/list/seabios@seabios.org/>
List-Help: <mailto:seabios-request@seabios.org?subject=help>
List-Post: <mailto:seabios@seabios.org>
List-Subscribe: <mailto:seabios-join@seabios.org>
List-Unsubscribe: <mailto:seabios-leave@seabios.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: ++++
X-Spam-Level: ****
Authentication-Results: coreboot.org;
	auth=pass smtp.auth=mailman@coreboot.org
 smtp.mailfrom=seabios-bounces@seabios.org

Only write the logs for those PCRs that are in active PCR banks.
A PCR banks is assumed to be active if any of the BIOS relevant
PCRs 0 -  7 is enabled, thus pcrSelect[0] !=3D 0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
---
 src/tcgbios.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index 95c1e94..cc3a51f 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -265,7 +265,7 @@ tpm20_write_EfiSpecIdEventStruct(void)
     struct tpms_pcr_selection *sel =3D tpm20_pcr_selection->selections;
     void *nsel, *end =3D (void*)tpm20_pcr_selection + tpm20_pcr_selection_=
size;
=20
-    u32 count;
+    u32 count, numAlgs =3D 0;
     for (count =3D 0; count < be32_to_cpu(tpm20_pcr_selection->count); cou=
nt++) {
         u8 sizeOfSelect =3D sel->sizeOfSelect;
=20
@@ -273,6 +273,11 @@ tpm20_write_EfiSpecIdEventStruct(void)
         if (nsel > end)
             break;
=20
+        if (!sizeOfSelect || sel->pcrSelect[0] =3D=3D 0) {
+            sel =3D nsel;
+            continue;
+        }
+
         int hsize =3D tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -287,8 +292,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
             return -1;
         }
=20
-        event.hdr.digestSizes[count].algorithmId =3D be16_to_cpu(sel->hash=
Alg);
-        event.hdr.digestSizes[count].digestSize =3D hsize;
+        event.hdr.digestSizes[numAlgs].algorithmId =3D be16_to_cpu(sel->ha=
shAlg);
+        event.hdr.digestSizes[numAlgs].digestSize =3D hsize;
+        numAlgs++;
=20
         sel =3D nsel;
     }
@@ -298,9 +304,9 @@ tpm20_write_EfiSpecIdEventStruct(void)
         return -1;
     }
=20
-    event.hdr.numberOfAlgorithms =3D count;
+    event.hdr.numberOfAlgorithms =3D numAlgs;
     int event_size =3D offsetof(struct TCG_EfiSpecIdEventStruct
-                              , digestSizes[count]);
+                              , digestSizes[numAlgs]);
     u32 *vendorInfoSize =3D (void*)&event + event_size;
     *vendorInfoSize =3D 0;
     event_size +=3D sizeof(*vendorInfoSize);
@@ -336,7 +342,7 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
     void *nsel, *end =3D (void*)tpm20_pcr_selection + tpm20_pcr_selection_=
size;
     void *dest =3D le->hdr.digest + sizeof(struct tpm2_digest_values);
=20
-    u32 count;
+    u32 count, numAlgs =3D 0;
     for (count =3D 0; count < be32_to_cpu(tpm20_pcr_selection->count); cou=
nt++) {
         u8 sizeOfSelect =3D sel->sizeOfSelect;
=20
@@ -344,6 +350,12 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 =
*sha1, int bigEndian)
         if (nsel > end)
             break;
=20
+        /* PCR 0-7 unused? -- skip */
+        if (!sizeOfSelect || sel->pcrSelect[0] =3D=3D 0) {
+            sel =3D nsel;
+            continue;
+        }
+
         int hsize =3D tpm20_get_hash_buffersize(be16_to_cpu(sel->hashAlg));
         if (hsize < 0) {
             dprintf(DEBUG_tcg, "TPM is using an unsupported hash: %d\n",
@@ -368,6 +380,8 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
=20
         dest +=3D sizeof(*v) + hsize;
         sel =3D nsel;
+
+        numAlgs++;
     }
=20
     if (sel !=3D end) {
@@ -377,9 +391,9 @@ tpm20_build_digest(struct tpm_log_entry *le, const u8 *=
sha1, int bigEndian)
=20
     struct tpm2_digest_values *v =3D (void*)le->hdr.digest;
     if (bigEndian)
-        v->count =3D cpu_to_be32(count);
+        v->count =3D cpu_to_be32(numAlgs);
     else
-        v->count =3D count;
+        v->count =3D numAlgs;
=20
     return dest - (void*)le->hdr.digest;
 }
--=20
2.24.1
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org