[4/8] tpm: Correct the define-space command in TPMv2

Message ID	20220301001125.1554442-5-sjg@chromium.org
State	Changes Requested
Delegated to:	Ilias Apalodimas
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Simon Glass <sjg@chromium.org> To: U-Boot Mailing List <u-boot@lists.denx.de> Cc: Simon Glass <sjg@chromium.org> Subject: [PATCH 4/8] tpm: Correct the define-space command in TPMv2 Date: Mon, 28 Feb 2022 17:11:21 -0700 Message-Id: <20220301001125.1554442-5-sjg@chromium.org> In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org> References: <20220301001125.1554442-1-sjg@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	tpm: Various minor fixes and enhancements \| expand [0/8] tpm: Various minor fixes and enhancements [1/8] tpm: Export the TPM-version functions [2/8] tpm: Require a digest source when extending the PCR [3/8] tpm: Correct the permissions command in TPMv1 [4/8] tpm: Correct the define-space command in TPMv2 [5/8] tpm: sandbox: Allow init of TPM in a different phase [6/8] tpm: Allow reporting the internal state [7/8] tpm: Implement state command for Cr50 [8/8] tpm: Allow commiting non-volatile data

Message ID

20220301001125.1554442-5-sjg@chromium.org

State

Changes Requested

Delegated to:

Ilias Apalodimas

Headers

From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Simon Glass <sjg@chromium.org>
Subject: [PATCH 4/8] tpm: Correct the define-space command in TPMv2
Date: Mon, 28 Feb 2022 17:11:21 -0700
Message-Id: <20220301001125.1554442-5-sjg@chromium.org>
In-Reply-To: <20220301001125.1554442-1-sjg@chromium.org>
References: <20220301001125.1554442-1-sjg@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

tpm: Various minor fixes and enhancements | expand

Comments

Ilias Apalodimas June 7, 2022, 8:46 a.m. UTC | #1

Hi Simon, 

Thanks for fixing this. 
On Mon, Feb 28, 2022 at 05:11:21PM -0700, Simon Glass wrote:
> The message format is incorrect. Fix it.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
> 
>  lib/tpm-v2.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 6058f2e1e4..fe99b9c863 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -89,14 +89,14 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
>  	 * Calculate the offset of the nv_policy piece by adding each of the
>  	 * chunks below.
>  	 */
> -	uint offset = 10 + 8 + 13 + 14;
> +	uint offset = 10 + 4 + 13 + 14;
>  	u8 command_v2[COMMAND_BUFFER_SIZE] = {
>  		/* header 10 bytes */
>  		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
> -		tpm_u32(offset + nv_policy_size),/* Length */
> +		tpm_u32(offset + nv_policy_size + 2),/* Length */
>  		tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
>  
> -		/* handles 8 bytes */
> +		/* handles 4 bytes */
>  		tpm_u32(TPM2_RH_PLATFORM),	/* Primary platform seed */

Similar to my comment on the previous patches,  please send a version with
defines that gets rid of the magic numbers (offset, +2 on nv_policy_size etc)

>  
>  		/* session header 13 bytes */
> @@ -107,12 +107,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
>  		tpm_u16(0),			/* auth_size */
>  
>  		/* message 14 bytes + policy */
> -		tpm_u16(12 + nv_policy_size),	/* size */
> +		tpm_u16(12 + nv_policy_size + 2),	/* size */
>  		tpm_u32(space_index),
>  		tpm_u16(TPM2_ALG_SHA256),
>  		tpm_u32(nv_attributes),
>  		tpm_u16(nv_policy_size),
> -		/* nv_policy */
> +		/*
> +		 * nv_policy
> +		 * space_size
> +		 */
>  	};
>  	int ret;
>  
> @@ -120,8 +123,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
>  	 * Fill the command structure starting from the first buffer:
>  	 *     - the password (if any)
>  	 */
> -	ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
> -			       offset, nv_policy, nv_policy_size);
> +	ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
> +			       offset, nv_policy, nv_policy_size,
> +			       offset + nv_policy_size, space_size);
>  	if (ret)
>  		return TPM_LIB_ERROR;
>  
> -- 
> 2.35.1.574.g5d30c73bfb-goog
> 


Cheers
/Ilias

Simon Glass Aug. 14, 2022, 11:29 p.m. UTC | #2

Hi Ilias,

On Tue, 7 Jun 2022 at 02:46, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> Hi Simon,
>
> Thanks for fixing this.
> On Mon, Feb 28, 2022 at 05:11:21PM -0700, Simon Glass wrote:
> > The message format is incorrect. Fix it.
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> > ---
> >
> >  lib/tpm-v2.c | 18 +++++++++++-------
> >  1 file changed, 11 insertions(+), 7 deletions(-)
> >
> > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> > index 6058f2e1e4..fe99b9c863 100644
> > --- a/lib/tpm-v2.c
> > +++ b/lib/tpm-v2.c
> > @@ -89,14 +89,14 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> >        * Calculate the offset of the nv_policy piece by adding each of the
> >        * chunks below.
> >        */
> > -     uint offset = 10 + 8 + 13 + 14;
> > +     uint offset = 10 + 4 + 13 + 14;
> >       u8 command_v2[COMMAND_BUFFER_SIZE] = {
> >               /* header 10 bytes */
> >               tpm_u16(TPM2_ST_SESSIONS),      /* TAG */
> > -             tpm_u32(offset + nv_policy_size),/* Length */
> > +             tpm_u32(offset + nv_policy_size + 2),/* Length */
> >               tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
> >
> > -             /* handles 8 bytes */
> > +             /* handles 4 bytes */
> >               tpm_u32(TPM2_RH_PLATFORM),      /* Primary platform seed */
>
> Similar to my comment on the previous patches,  please send a version with
> defines that gets rid of the magic numbers (offset, +2 on nv_policy_size etc)

OK I have fixed these, with const int.

>
> >
> >               /* session header 13 bytes */
> > @@ -107,12 +107,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> >               tpm_u16(0),                     /* auth_size */
> >
> >               /* message 14 bytes + policy */
> > -             tpm_u16(12 + nv_policy_size),   /* size */
> > +             tpm_u16(12 + nv_policy_size + 2),       /* size */
> >               tpm_u32(space_index),
> >               tpm_u16(TPM2_ALG_SHA256),
> >               tpm_u32(nv_attributes),
> >               tpm_u16(nv_policy_size),
> > -             /* nv_policy */
> > +             /*
> > +              * nv_policy
> > +              * space_size
> > +              */
> >       };
> >       int ret;
> >
> > @@ -120,8 +123,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
> >        * Fill the command structure starting from the first buffer:
> >        *     - the password (if any)
> >        */
> > -     ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
> > -                            offset, nv_policy, nv_policy_size);
> > +     ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
> > +                            offset, nv_policy, nv_policy_size,
> > +                            offset + nv_policy_size, space_size);
> >       if (ret)
> >               return TPM_LIB_ERROR;
> >
> > --
> > 2.35.1.574.g5d30c73bfb-goog
> >
>
>
> Cheers
> /Ilias

Regards,
Simon

diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 6058f2e1e4..fe99b9c863 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -89,14 +89,14 @@  u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 	 * Calculate the offset of the nv_policy piece by adding each of the
 	 * chunks below.
 	 */
-	uint offset = 10 + 8 + 13 + 14;
+	uint offset = 10 + 4 + 13 + 14;
 	u8 command_v2[COMMAND_BUFFER_SIZE] = {
 		/* header 10 bytes */
 		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
-		tpm_u32(offset + nv_policy_size),/* Length */
+		tpm_u32(offset + nv_policy_size + 2),/* Length */
 		tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
 
-		/* handles 8 bytes */
+		/* handles 4 bytes */
 		tpm_u32(TPM2_RH_PLATFORM),	/* Primary platform seed */
 
 		/* session header 13 bytes */
@@ -107,12 +107,15 @@  u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 		tpm_u16(0),			/* auth_size */
 
 		/* message 14 bytes + policy */
-		tpm_u16(12 + nv_policy_size),	/* size */
+		tpm_u16(12 + nv_policy_size + 2),	/* size */
 		tpm_u32(space_index),
 		tpm_u16(TPM2_ALG_SHA256),
 		tpm_u32(nv_attributes),
 		tpm_u16(nv_policy_size),
-		/* nv_policy */
+		/*
+		 * nv_policy
+		 * space_size
+		 */
 	};
 	int ret;
 
@@ -120,8 +123,9 @@  u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 	 * Fill the command structure starting from the first buffer:
 	 *     - the password (if any)
 	 */
-	ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
-			       offset, nv_policy, nv_policy_size);
+	ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
+			       offset, nv_policy, nv_policy_size,
+			       offset + nv_policy_size, space_size);
 	if (ret)
 		return TPM_LIB_ERROR;

[4/8] tpm: Correct the define-space command in TPMv2

Commit Message

Comments

Patch