[PATCH 3/3] efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check
Ilias Apalodimas
ilias.apalodimas at linaro.org
Fri Sep 3 08:20:17 CEST 2021
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
On Fri, 3 Sept 2021 at 04:54, Masahisa Kojima
<masahisa.kojima at linaro.org> wrote:
>
> TCG EFI Protocol Specification defines that PCRIndex parameter
> passed from caller must be 0 to 23.
> TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
> but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
> This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
> check the range of PCRIndex parameter.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
> include/efi_tcg2.h | 2 ++
> lib/efi_loader/efi_tcg2.c | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
> index 45788d55d5..b647361d44 100644
> --- a/include/efi_tcg2.h
> +++ b/include/efi_tcg2.h
> @@ -28,6 +28,8 @@
> #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
> #define PE_COFF_IMAGE 0x0000000000000010
>
> +#define EFI_TCG2_MAX_PCR_INDEX 23
> +
> /* Algorithm Registry */
> #define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001
> #define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index c4e9f61fd6..b268a02976 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -958,7 +958,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
> goto out;
> }
>
> - if (efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) {
> + if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
> ret = EFI_INVALID_PARAMETER;
> goto out;
> }
> --
> 2.17.1
>
More information about the U-Boot
mailing list