[PATCH v8 4/7] tpm: retrieve digest size of unknown algorithms with PCR read
jarkko.sakkinen at linux.intel.com
Tue Jan 29 20:14:05 UTC 2019
On Thu, Jan 24, 2019 at 04:49:07PM +0100, Roberto Sassu wrote:
> Currently, the TPM driver retrieves the digest size from a table mapping
> TPM algorithms identifiers to identifiers defined by the crypto subsystem.
> If the algorithm is not defined by the latter, the digest size can be
> retrieved from the output of the PCR read command.
> The patch modifies the definition of tpm_pcr_read() and tpm2_pcr_read() to
> pass the desired hash algorithm and obtain the digest size at TPM startup.
> Algorithms and corresponding digest sizes are stored in the new structure
> tpm_bank_info, member of tpm_chip, so that the information can be used by
> other kernel subsystems.
> tpm_bank_info contains: the TPM algorithm identifier, necessary to generate
> the event log as defined by Trusted Computing Group (TCG); the digest size,
> to pad/truncate a digest calculated with a different algorithm; the crypto
> subsystem identifier, to calculate the digest of event data.
> This patch also protects against data corruption that could happen in the
> bus, by checking that the digest size returned by the TPM during a PCR read
> matches the size of the algorithm passed to tpm2_pcr_read().
> For the initial PCR read, when digest sizes are not yet available, this
> patch ensures that the amount of data copied from the output returned by
> the TPM does not exceed the size of the array data are copied to.
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>
> Acked-by: Mimi Zohar <zohar at linux.ibm.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>
More information about the Linux-security-module-archive