Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tspi/tspi.c23
-rw-r--r--src/security/tpm/tss/tcg-2.0/tss.c58
2 files changed, 7 insertions, 74 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index e64e04fbbe..4698a4dc8c 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -4,7 +4,6 @@
* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
* Copyright 2017 Facebook Inc.
* Copyright 2018 Siemens AG
- * Copyright 2019 Eltan B.V.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -21,7 +20,6 @@
#include <security/tpm/tspi.h>
#include <security/tpm/tss.h>
#include <stdlib.h>
-#include <string.h>
#if CONFIG(VBOOT)
#include <vb2_api.h>
#include <vb2_sha.h>
@@ -211,28 +209,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
if (!digest)
return TPM_E_IOERROR;
-#if CONFIG(TPM2)
- TPML_DIGEST_VALUES tpml_digests;
-
- tpml_digests.count = 1;
- switch (digest_algo) {
- case VB2_HASH_SHA1:
- tpml_digests.digests[0].hashAlg = TPM_ALG_SHA1;
- memcpy(tpml_digests.digests[0].digest.sha1,
- digest, SHA1_DIGEST_SIZE);
- break;
- case VB2_HASH_SHA256:
- tpml_digests.digests[0].hashAlg = TPM_ALG_SHA256;
- memcpy(tpml_digests.digests[0].digest.sha256,
- digest, SHA256_DIGEST_SIZE);
- break;
- default:
- return TPM_E_IOERROR;
- }
- result = tlcl_extend(pcr, (uint8_t *)&tpml_digests, NULL);
-#else
result = tlcl_extend(pcr, digest, NULL);
-#endif
if (result != TPM_SUCCESS)
return result;
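Review bot: `digest_algo` is no longer consulted before `result = tlcl_extend(pcr, digest, NULL);`, yet on a TPM2 build the tlcl_extend in the tss.c hunk of this commit copies `sizeof(...digest.sha256)` bytes from the pointer and tags them `TPM_ALG_SHA256`. If a caller passes `VB2_HASH_SHA1` with a buffer sized for that algorithm (not visible here, so this is inferred), the copy reads past the end of the digest and the PCR is extended with a value that is not the measurement. A guard before the call would make the restriction explicit, for example `if (CONFIG(TPM2) && digest_algo != VB2_HASH_SHA256) return TPM_E_IOERROR;`. tpm_extend_pcr starts and ends outside this hunk, so any later use of `digest_algo` cannot be checked from here.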
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index d9deba515d..16e40fe569 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -127,68 +127,24 @@ uint32_t tlcl_assert_physical_presence(void)
}
/*
- * The caller will provide the digest in a 32 byte buffer
+ * The caller will provide the digest in a 32 byte buffer, let's consider it a
+ * sha256 digest.
*/
uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
uint8_t *out_digest)
{
struct tpm2_pcr_extend_cmd pcr_ext_cmd;
struct tpm2_response *response;
- int i;
- TPML_DIGEST_VALUES *tpml_digests;
pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
- tpml_digests = (TPML_DIGEST_VALUES *)in_digest;
- pcr_ext_cmd.digests.count = tpml_digests->count;
-
- for (i = 0; i < tpml_digests->count ; i++) {
- pcr_ext_cmd.digests.digests[i].hashAlg =
- tpml_digests->digests[i].hashAlg;
- switch (tpml_digests->digests[i].hashAlg) {
- case TPM_ALG_SHA1:
- memcpy(pcr_ext_cmd.digests.digests[i].digest.sha1,
- tpml_digests->digests[i].digest.sha1,
- SHA1_DIGEST_SIZE);
- break;
- case TPM_ALG_SHA256:
- memcpy(pcr_ext_cmd.digests.digests[i].digest.sha256,
- tpml_digests->digests[i].digest.sha256,
- SHA256_DIGEST_SIZE);
- break;
- case TPM_ALG_SHA384:
- memcpy(pcr_ext_cmd.digests.digests[i].digest.sha384,
- tpml_digests->digests[i].digest.sha384,
- SHA384_DIGEST_SIZE);
- break;
- case TPM_ALG_SHA512:
- memcpy(pcr_ext_cmd.digests.digests[i].digest.sha512,
- tpml_digests->digests[i].digest.sha512,
- SHA512_DIGEST_SIZE);
- break;
- case TPM_ALG_SM3_256:
- memcpy(pcr_ext_cmd.digests.digests[i].digest.sm3_256,
- tpml_digests->digests[i].digest.sm3_256,
- SM3_256_DIGEST_SIZE);
- break;
- }
- }
+ pcr_ext_cmd.digests.count = 1;
+ pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
+ memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
+ sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
- /*
- * Check if we are invalidating the pcrs, ignore the error if this is
- * the case
- */
- if ((tpml_digests->count == 1) &&
- (tpml_digests->digests[0].hashAlg == TPM_ALG_ERROR) &&
- response && (response->hdr.tpm_code & ~TPM_RC_N_MASK) ==
- (TPM_RC_P | TPM_RC_HASH)) {
- printk(BIOS_SPEW, "%s: TPM_RC_HASH returned this is"
- " expected\n", __func__);
- return TPM_SUCCESS;
- }
-
- printk(BIOS_INFO, "%s: response is 0x%x\n",
+ printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
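Review bot: The header comment on tlcl_extend ("let's consider it a sha256 digest") leaves the buffer contract implicit, while the new memcpy reads `sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256)` bytes from `in_digest` with no length or algorithm argument to check against. I would state it as a requirement, e.g. `/* in_digest must point to at least SHA256_DIGEST_SIZE bytes; only the SHA256 PCR bank is extended. */`. With `digests.count = 1` and `hashAlg = TPM_ALG_SHA256` fixed, any other PCR bank active on the TPM is not extended by this call, which matters to anyone sealing or attesting against those banks. The function body continues past the end of the hunk.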