[PATCH v6 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend()

Roberto Sassu roberto.sassu at huawei.com
Thu Dec 6 18:38:30 UTC 2018


On 12/5/2018 1:14 AM, Jarkko Sakkinen wrote:
> On Tue, Dec 04, 2018 at 09:21:38AM +0100, Roberto Sassu wrote:
>> The new tpm_bank_list structure has been preferred to the tpm_digest
>> structure, to let the caller specify the size of the digest (which may be
>> unknown to the TPM driver).
> 
> Why is that? Didn't previous commit query these?

Since the TPM driver pads/truncates the first digest passed by the
caller to extend PCRs for which no digest was provided, it must know
how much data it can use. It is possible that the algorithm of
the first digest is unknown to the TPM driver, if the caller of
tpm_pcr_extend() didn't check chip->allocated_banks.

By requiring that the caller also passes the digest size, this problem
does not arise. It seems reasonable to me to pass this information, as
the caller calculated the digest and it should know the digest size.

Roberto


>> +struct tpm_bank_list {
>> +	u16 alg_id;
>> +	u16 extend_size;
>> +	const u8 *extend_array;
>> +};
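
Review bot: extend_size and extend_array in struct tpm_bank_list have no kernel-doc, so the contract between the two fields is left implicit. Since extend_size is supplied by the caller and, per the discussion, decides how much of the buffer the driver pads or truncates, please document that extend_array must point to at least extend_size bytes and state how the driver bounds extend_size against its own maximum digest size before copying. The name also reads as a list while the struct describes a single bank entry.
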
> 
> Naming is not good here. If this is only for extending, shouldn't that
> be in the struct's name?
> 
> /Jarkko
> 

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI
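
The pad/truncate behaviour described in the reply above, as an added user-space C example that is not code from the patch or the kernel. The names bank_input, allocated_bank, fill_bank_digest and MAX_DIGEST are hypothetical, and rejecting a size mismatch for a matching algorithm is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DIGEST 64	/* assumed upper bound: SHA-512 digest size */

/* Hypothetical user-space mirror of the struct quoted in the thread. */
struct bank_input {
	uint16_t alg_id;
	uint16_t extend_size;		/* digest length, stated by the caller */
	const uint8_t *extend_array;
};

/* Hypothetical description of one bank allocated on the chip. */
struct allocated_bank {
	uint16_t alg_id;
	uint16_t digest_size;
};

/*
 * Build the value to extend into one allocated bank.
 * A digest supplied for this algorithm is used as-is; otherwise the first
 * supplied digest is zero-padded or truncated to the bank's digest size,
 * using only the extend_size bytes the caller declared.
 * Returns 0 on success, -1 on invalid input.
 */
int fill_bank_digest(const struct allocated_bank *bank,
		     const struct bank_input *in, size_t n_in,
		     uint8_t out[MAX_DIGEST])
{
	size_t i, n;

	if (!n_in || !in[0].extend_array || bank->digest_size > MAX_DIGEST)
		return -1;
	for (i = 0; i < n_in; i++) {
		if (in[i].alg_id != bank->alg_id)
			continue;
		/* Assumption: a matching algorithm must carry the exact size. */
		if (!in[i].extend_array || in[i].extend_size != bank->digest_size)
			return -1;
		memcpy(out, in[i].extend_array, bank->digest_size);
		return 0;
	}
	/* No digest for this bank: pad/truncate the first one. */
	n = in[0].extend_size < bank->digest_size ?
	    in[0].extend_size : bank->digest_size;
	memset(out, 0, MAX_DIGEST);
	memcpy(out, in[0].extend_array, n);
	return 0;
}
```

Without extend_size, the fallback copy would have to guess the length of the first digest from its alg_id, which is the case the reply says can fail when the algorithm is not known to the driver.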
