The efi/tpm code has a number of small signed/unsigned bugs and
inaccuracies are prone to cause further bugs in a difficult to
debug manner. For example, there is a signed/unsigned mismatch
in efi/tpm.c that leads to a memblock_reserve on a range with
an effectively negative length.
Additionally, there are silently ignored error conditions that are
better explicitly reported.
Finally, there exists some bad interaction between tpm and kexec
that causes the log version and the log size to become corrupted.
The log size cannot be reasonably sanity checked, as the value is
a u32 and there is no defined max-size per the spec - however the
version can at least be sanity checked. This reports the error and
avoids calling memblock_reserve with clearly corrupted arguments.
Signed-off-by: Gregory Price <gourry@gourry.net>
Gregory Price (6):
tpm: fix signed/unsigned bug when checking event logs
tpm: do not ignore memblock_reserve return value
libstub,tpm: provide indication of failure when getting event log
tpm: sanity check the log version before using it
tpm: fix unsigned/signed mismatch errors related to
__calc_tpm2_event_size
libstub,tpm: do not ignore failure case when reading final event log
drivers/firmware/efi/libstub/tpm.c | 14 ++++++++----
drivers/firmware/efi/tpm.c | 34 +++++++++++++++++++++---------
include/linux/tpm_eventlog.h | 2 +-
3 files changed, 35 insertions(+), 15 deletions(-)
--
2.43.0