[PATCH v2 09/10] sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB

[Simon Glass]

This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.

Fix these problems.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

Changes in v2:
- Add new patch to correct handling of SANDBOX_TPM_PCR_NB

 drivers/tpm/tpm2_tis_sandbox.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index ed9c9a0bc9f..3c4bbcdf2ee 100644
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -642,15 +642,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 		for (i = 0; i < pcr_array_sz; i++)
 			pcr_map += (u64)sent[i] << (i * 8);
 
-		if (pcr_map >> SANDBOX_TPM_PCR_NB) {
-			printf("Sandbox TPM handles up to %d PCR(s)\n",
-			       SANDBOX_TPM_PCR_NB);
-			rc = TPM2_RC_VALUE;
-			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
-		}
-
 		if (!pcr_map) {
-			printf("Empty PCR map.\n");
+			printf("Empty PCR map\n");
 			rc = TPM2_RC_VALUE;
 			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
 		}
@@ -659,6 +652,13 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 			if (pcr_map & BIT(i))
 				pcr_index = i;
 
+		if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+			printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+			       pcr_index, SANDBOX_TPM_PCR_NB);
+			rc = TPM2_RC_VALUE;
+			return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
+		}
+
 		/* Write tag */
 		put_unaligned_be16(tag, recv);
 		recv += sizeof(tag);
@@ -692,9 +692,9 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
 		pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) +
 					       sizeof(length) +
 					       sizeof(command));
-		if (pcr_index > SANDBOX_TPM_PCR_NB) {
-			printf("Sandbox TPM handles up to %d PCR(s)\n",
-			       SANDBOX_TPM_PCR_NB);
+		if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+			printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+			       pcr_index, SANDBOX_TPM_PCR_NB);
 			rc = TPM2_RC_VALUE;
 		}
 
-- 
2.32.0.402.g57bb445576-goog