[PATCH 05/11] tpm: add flag in hash_algo_list and API to check if algorithm is supported

Ilias Apalodimas ilias.apalodimas at linaro.org
Tue Dec 24 08:07:49 CET 2024


On Mon, 23 Dec 2024 at 16:48, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Add a bool var into hash_algo_list to indicate whether the algorithm
> is supported or not and move the IS_ENABLED to only cover this var.
> So that we can have the name, hash, mask and size no matter the
> digest kconfigs are enabled or not.
>
> Previously, tpm2_algorithm_to_len() and tcg2_algorithm_to_mask() were used
> to identify an unsupported algorithm by checking whether they returned 0.
> This no longer works now that hash_algo_list always provides the algorithm
> size and mask, so a new API is introduced to check whether an algorithm is
> supported by U-Boot.
>
> Suggested-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
>  include/tpm-v2.h | 37 +++++++++++++++++++++++++++++--------
>  lib/tpm-v2.c     | 14 +++++++++++++-
>  lib/tpm_tcg2.c   | 17 +++++++++--------
>  3 files changed, 51 insertions(+), 17 deletions(-)
>
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 87b2c614ad..c49eadda26 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -268,6 +268,7 @@ struct digest_info {
>         u16 hash_alg;
>         u32 hash_mask;
>         u16 hash_len;
> +       bool supported;
>  };
>
>  /* Algorithm Registry */
> @@ -278,38 +279,50 @@ struct digest_info {
>  #define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
>
>  static const struct digest_info hash_algo_list[] = {
> -#if IS_ENABLED(CONFIG_SHA1)
>         {
>                 "sha1",
>                 TPM2_ALG_SHA1,
>                 TCG2_BOOT_HASH_ALG_SHA1,
>                 TPM2_SHA1_DIGEST_SIZE,
> -       },
> +#if IS_ENABLED(CONFIG_SHA1)
> +               true,
> +#else
> +               false,
>  #endif
> -#if IS_ENABLED(CONFIG_SHA256)
> +       },
>         {
>                 "sha256",
>                 TPM2_ALG_SHA256,
>                 TCG2_BOOT_HASH_ALG_SHA256,
>                 TPM2_SHA256_DIGEST_SIZE,
> -       },
> +#if IS_ENABLED(CONFIG_SHA256)
> +               true,
> +#else
> +               false,
>  #endif
> -#if IS_ENABLED(CONFIG_SHA384)
> +       },
>         {
>                 "sha384",
>                 TPM2_ALG_SHA384,
>                 TCG2_BOOT_HASH_ALG_SHA384,
>                 TPM2_SHA384_DIGEST_SIZE,
> -       },
> +#if IS_ENABLED(CONFIG_SHA384)
> +               true,
> +#else
> +               false,
>  #endif
> -#if IS_ENABLED(CONFIG_SHA512)
> +       },
>         {
>                 "sha512",
>                 TPM2_ALG_SHA512,
>                 TCG2_BOOT_HASH_ALG_SHA512,
>                 TPM2_SHA512_DIGEST_SIZE,
> -       },
> +#if IS_ENABLED(CONFIG_SHA512)
> +               true,
> +#else
> +               false,
>  #endif
> +       },
>  };
>
>  /* NV index attributes */
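Review bot: The `supported` member of each `hash_algo_list` entry is set through a four-line `#if`/`#else` block inside a positional initializer, which is easy to misalign if `struct digest_info` gains or reorders a field. `IS_ENABLED()` evaluates to 0 or 1 in C expressions, so each entry could end with `.supported = IS_ENABLED(CONFIG_SHA1),` (with designated initializers for the other members) and drop the preprocessor branches. Because the table now always contains every algorithm, any caller outside this patch that still treats a zero from `tpm2_algorithm_to_len()` or `tcg2_algorithm_to_mask()` as "not supported" would accept a digest U-Boot cannot compute; those call sites are not visible here and are worth checking.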
> @@ -704,6 +717,14 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name);
>   */
>  const char *tpm2_algorithm_name(enum tpm2_algorithms);
>
> +/**
> + * tpm2_algorithm_supported() -  Check if the algorithm supported by U-Boot
> + *
> + * @algorithm_id: algorithm defined in enum tpm2_algorithms
> + * Return: true if supported, otherwise false
> + */
> +bool tpm2_algorithm_supported(enum tpm2_algorithms algo);
> +
>  /**
>   * tpm2_algorithm_to_len() - Return an algorithm length for supported algorithm id
>   *
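Review bot: The kernel-doc for `tpm2_algorithm_supported()` documents `@algorithm_id:` while the prototype names the parameter `algo`, so the doc tooling is likely to flag a mismatch; use `@algo: algorithm defined in enum tpm2_algorithms`. The summary line reads better as `Check if the algorithm is supported by U-Boot`, and it would help to state that an ID missing from `hash_algo_list` and an ID whose Kconfig option is disabled both return false. The comment that follows for `tpm2_algorithm_to_len()` still says "for supported algorithm id", which looks stale now that the length is returned regardless of Kconfig; the rest of that comment is outside the hunk.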
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 0edb0aa90c..96c164f2a5 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -884,6 +884,18 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms algo)
>         return "";
>  }
>
> +bool tpm2_algorithm_supported(enum tpm2_algorithms algo)
> +{
> +       size_t i;
> +
> +       for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) {
> +               if (hash_algo_list[i].hash_alg == algo)
> +                       return hash_algo_list[i].supported;
> +       }
> +
> +       return false;
> +}
> +
>  u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo)
>  {
>         size_t i;
> @@ -908,7 +920,7 @@ bool tpm2_check_active_banks(struct udevice *dev)
>
>         for (i = 0; i < pcrs.count; i++) {
>                 if (tpm2_is_active_bank(&pcrs.selection[i]) &&
> -                   !tpm2_algorithm_to_len(pcrs.selection[i].hash))
> +                   !tpm2_algorithm_supported(pcrs.selection[i].hash))
>                         return false;
>         }
>
> diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> index 16f41cbfd1..4682f7664f 100644
> --- a/lib/tpm_tcg2.c
> +++ b/lib/tpm_tcg2.c
> @@ -37,16 +37,17 @@ int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank
>                 return ret;
>
>         for (i = 0; i < pcrs.count; i++) {
> -               u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash);
> +               struct tpms_pcr_selection *sel = &pcrs.selection[i];
> +               u32 hash_mask = tcg2_algorithm_to_mask(sel->hash);
>
> -               if (hash_mask) {
> +               if (tpm2_algorithm_supported(sel->hash))
>                         *supported_bank |= hash_mask;
> -                       if (tpm2_is_active_bank(&pcrs.selection[i]))
> -                               *active_bank |= hash_mask;
> -               } else {
> -                       printf("%s: unknown algorithm %x\n", __func__,
> -                              pcrs.selection[i].hash);
> -               }
> +               else
> +                       log_warning("%s: unknown algorithm %x\n", __func__,
> +                                   sel->hash);
> +
> +               if (tpm2_is_active_bank(sel))
> +                       *active_bank |= hash_mask;
>         }
>
>         *bank_num = pcrs.count;
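Review bot: `*active_bank |= hash_mask` now runs even when `tpm2_algorithm_supported()` is false, so `tcg2_get_pcr_info()` can report an active bank that is absent from `*supported_bank`; before this change the active bit was only set inside the `if (hash_mask)` branch. If that is intended so callers can detect a TPM bank U-Boot cannot extend, it deserves a comment at the assignment such as `/* reported even if unsupported; callers must compare with supported_bank */`, because an active bank that is never extended weakens measured-boot attestation. The `log_warning()` text still says "unknown algorithm" although the branch is now also taken for a known algorithm whose Kconfig option is off; `"%s: unsupported algorithm %x\n"` would match the new condition. The function starts before the hunk and continues after it.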
> --
> 2.25.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>

