diff options
| author | Nayna Jain <nayna@linux.vnet.ibm.com> | 2017-01-30 04:59:41 -0500 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2017-02-03 22:03:14 +0200 |
| commit | c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8 (patch) | |
| tree | 805ea1b006b4394854ae70db7bd409bb2c9611d8 /drivers/char/tpm/tpm.h | |
| parent | 1db15344f874f656b267a79467d1e7ee6442ba09 (diff) | |
| download | op-kernel-dev-c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8.zip op-kernel-dev-c1f92b4b04ad7006bdcbd1d5bb63f2864b06b7f8.tar.gz | |
tpm: enhance TPM 2.0 PCR extend to support multiple banks
The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.
The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest. To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.
This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.
[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"
Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'drivers/char/tpm/tpm.h')
| -rw-r--r-- | drivers/char/tpm/tpm.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index db0398a..4b7eca9 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -34,6 +34,7 @@ #include <linux/acpi.h> #include <linux/cdev.h> #include <linux/highmem.h> +#include <crypto/hash_info.h> #include "tpm_eventlog.h" @@ -380,6 +381,11 @@ struct tpm_cmd_t { tpm_cmd_params params; } __packed; +struct tpm2_digest { + u16 alg_id; + u8 digest[SHA512_DIGEST_SIZE]; +} __packed; + /* A string buffer type for constructing TPM commands. This is based on the * ideas of string buffer code in security/keys/trusted.h but is heap based * in order to keep the stack usage minimal. @@ -529,7 +535,8 @@ static inline inline u32 tpm2_rc_value(u32 rc) } int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); -int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash); +int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, u32 count, + struct tpm2_digest *digests); int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max); int tpm2_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, |
