[PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size
Roberto Sassu
roberto.sassu at huawei.com
Fri Nov 16 16:06:48 UTC 2018
On 11/16/2018 2:41 PM, Jarkko Sakkinen wrote:
> On Wed, Nov 14, 2018 at 04:31:07PM +0100, Roberto Sassu wrote:
>> This patch protects against data corruption that could happen in the bus,
>> by checking that that the digest size returned by the TPM during a PCR read
>> matches the size of the algorithm passed to tpm2_pcr_read().
>>
>> This check is performed after information about the PCR banks has been
>> retrieved.
>>
>> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
>> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>
>> Cc: stable at vger.kernel.org
>
> Missing fixes tag.
Before this patch set, tpm2_pcr_extend() always copied 20 bytes from the
output sent by the TPM.
Roberto
> /Jarkko
>
--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI
More information about the Linux-security-module-archive
mailing list