From: Pawel R. <paw...@in...> - 2022-10-10 11:20:37
changeset 5780c959ab11 in /hg/p/tboot/code
details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=5780c959ab11
description:
Removal of "agile" option for Extending PCR Policy
As mentioned in earlier commit "agile" option is from now on unavailable. If you've chosen it through commandline TBOOT will use default option.
diffstat:
tboot/common/cmdline.c | 5 ++---
tboot/common/policy.c | 48 +-----------------------------------------------
tboot/include/tpm.h | 2 +-
tboot/txt/txt.c | 21 ++++-----------------
4 files changed, 8 insertions(+), 68 deletions(-)
diffs (152 lines):
diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/common/cmdline.c
--- a/tboot/common/cmdline.c Wed Aug 31 15:20:39 2022 +0200
+++ b/tboot/common/cmdline.c Wed Oct 05 14:23:58 2022 +0200
@@ -516,9 +516,8 @@
 if ( tb_strcmp(extpol, "agile") == 0 ) {
 printk(TBOOT_WARN"Warning: \"agile\" selected in extpol, "
- "this option is set to be deprecated\n"
- "(see tboot-devel mailing list archive)\n");
- tpm->extpol = TB_EXTPOL_AGILE;
+ "this option is deprecated\n");
+ tpm->extpol = TB_EXTPOL_FIXED;
 tpm->cur_alg = TB_HALG_SHA256;
 } else if ( tb_strcmp(extpol, "embedded") == 0 ) {
 tpm->extpol = TB_EXTPOL_EMBEDDED;
diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/common/policy.c
--- a/tboot/common/policy.c Wed Aug 31 15:20:39 2022 +0200
+++ b/tboot/common/policy.c Wed Oct 05 14:23:58 2022 +0200
@@ -507,7 +507,6 @@
 size_t size) {
 struct tpm_if *tpm = get_tpm();
- const struct tpm_if_fp *tpm_fp = get_tpm_fp();
 if ( hl == NULL ) {
 printk(TBOOT_ERR"Error: input parameter is wrong.\n");
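Review bot: The rewritten warning on the new `+ "this option is deprecated\n");` line does not tell the operator that the requested value was ignored and `TB_EXTPOL_FIXED` applied instead, and with that fallback in place on the next new line this is a removal rather than a deprecation. Because the extend policy decides what goes into the PCRs, a silent substitution changes the measurements that sealed data and remote-attestation policies were built against, so the message should name the substitution, e.g. `"this option has been removed; falling back to \"fixed\"\n");`. The retained `tpm->cur_alg = TB_HALG_SHA256;` presumably matches what an explicit extpol=fixed sets, which is worth confirming so both paths measure identically. The enclosing function starts and ends outside the hunk.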
@@ -541,46 +540,7 @@
 return false;
 break;
-
- case TB_EXTPOL_AGILE:
- {
- hash_list_t img_hl, final_hl;
- if ( !tpm_fp->hash(tpm, 2, (const unsigned char *)cmdline,
- tb_strlen(cmdline), hl) )
- return false;
-
- uint8_t buf[2*sizeof(tb_hash_t)];
-
- if ( !tpm_fp->hash(tpm, 2, base, size, &img_hl) )
- return false;
- for (unsigned int i=0; i<hl->count; i++) {
- for (unsigned int j=0; j<img_hl.count; j++) {
- if (hl->entries[i].alg == img_hl.entries[j].alg) {
- copy_hash((tb_hash_t *)buf, &hl->entries[i].hash,
- hl->entries[i].alg);
- copy_hash((tb_hash_t *)(buf + get_hash_size(hl->entries[i].alg)),
- &img_hl.entries[j].hash, hl->entries[i].alg);
- if ( !tpm_fp->hash(tpm, 2, buf,
- 2*get_hash_size(hl->entries[i].alg), &final_hl) )
- return false;
-
- for (unsigned int k=0; k<final_hl.count; k++) {
- if (hl->entries[i].alg == final_hl.entries[k].alg) {
- copy_hash(&hl->entries[i].hash,
- &final_hl.entries[k].hash,
- hl->entries[i].alg);
- break;
- }
- }
-
- break;
- }
- }
- }
-
- break;
- }
-
+
 case TB_EXTPOL_EMBEDDED:
 {
 tb_hash_t img_hash;
@@ -772,7 +732,6 @@
 static void verify_g_policy(void)
 {
 struct tpm_if *tpm = get_tpm();
- const struct tpm_if_fp *tpm_fp = get_tpm_fp();
 /* assumes mbi is valid */
 printk(TBOOT_INFO"verifying policy \n");
@@ -802,11 +761,6 @@
 break;
- case TB_EXTPOL_AGILE:
- if ( !tpm_fp->hash(tpm, 2, buf, size, &VL_ENTRIES(NUM_VL_ENTRIES).hl) )
- apply_policy(TB_ERR_MODULE_VERIFICATION_FAILED);
- break;
-
 case TB_EXTPOL_EMBEDDED:
 {
 VL_ENTRIES(NUM_VL_ENTRIES).hl.count = tpm->alg_count;
diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/include/tpm.h
--- a/tboot/include/tpm.h Wed Aug 31 15:20:39 2022 +0200
+++ b/tboot/include/tpm.h Wed Oct 05 14:23:58 2022 +0200
@@ -442,7 +442,7 @@
 /*
 * Only for version>=2. PCR extend policy.
 */
-#define TB_EXTPOL_AGILE 0
+#define TB_EXTPOL_AGILE 0 // deprecated
 #define TB_EXTPOL_EMBEDDED 1
 #define TB_EXTPOL_FIXED 2
 u8 extpol;
diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/txt/txt.c
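Review bot: `TB_EXTPOL_AGILE` keeps the value 0 on the new `#define` line, so a zero-initialized or never-assigned `u8 extpol` still compares equal to the policy whose `case` labels this commit removes from the switches in policy.c and txt.c. Whether those switches have a `default` that rejects it is not visible here, but if they fall into their non-EMBEDDED branches an unconfigured extpol would behave as fixed without the warning cmdline.c prints for an explicit "agile". Either move the live policies off 0 so the dead value cannot be reached by accident, or spell the hazard out on the define, e.g. `#define TB_EXTPOL_AGILE 0 /* removed; never assign, switches must reject it */`. The comment block just above uses `/* */`, so a `/* */` comment here would also match the header's existing style.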
--- a/tboot/txt/txt.c Wed Aug 31 15:20:39 2022 +0200
+++ b/tboot/txt/txt.c Wed Oct 05 14:23:58 2022 +0200
@@ -253,16 +253,6 @@
 os_mle_data_t *os_mle_data = get_os_mle_data_start(get_txt_heap());
 struct tpm_if *tpm = get_tpm();
 switch (tpm->extpol) {
- case TB_EXTPOL_AGILE:
- for (i=0; i<evt_log->count; i++) {
- evt_log->event_log_descr[i].alg = tpm->algs_banks[i];
- evt_log->event_log_descr[i].phys_addr =
- (uint64_t)(unsigned long)(os_mle_data->event_log_buffer + i*4096);
- evt_log->event_log_descr[i].size = 4096;
- evt_log->event_log_descr[i].pcr_events_offset = 0;
- evt_log->event_log_descr[i].next_event_offset = 0;
- }
- break;
 case TB_EXTPOL_EMBEDDED:
 for (i=0; i<evt_log->count; i++) {
 evt_log->event_log_descr[i].alg = tpm->algs[i];
@@ -334,13 +324,10 @@
 printk(TBOOT_DETA"heap_ext_data_element SIZE = %d \n", elt->size);
 } else if ( log_type == EVTLOG_TPM2_LEGACY ) {
 g_elog_2 = (heap_event_log_ptr_elt2_t *)elt->data;
- if ( tpm->extpol == TB_EXTPOL_AGILE )
- g_elog_2->count = tpm->banks;
+ if ( tpm->extpol == TB_EXTPOL_EMBEDDED )
+ g_elog_2->count = tpm->alg_count;
 else
- if ( tpm->extpol == TB_EXTPOL_EMBEDDED )
- g_elog_2->count = tpm->alg_count;
- else
- g_elog_2->count = 1;
+ g_elog_2->count = 1;
 init_evtlog_desc(g_elog_2);
 elt->type = HEAP_EXTDATA_TYPE_TPM_EVENT_LOG_PTR_2;
 elt->size = sizeof(*elt) + sizeof(u32) +
@@ -711,7 +698,7 @@
 /* PCR mapping selection MUST be zero in TPM2.0 mode
 * since D/A mapping is the only supported by TPM2.0 */
 if ( tpm->major >= TPM20_VER_MAJOR ) {
- os_sinit_data->flags = (tpm->extpol == TB_EXTPOL_AGILE) ? 0 : 1;
+ os_sinit_data->flags = 1;
 os_sinit_data->capabilities.pcr_map_no_legacy = 0;
 os_sinit_data->capabilities.pcr_map_da = 0;
 g_using_da = 1;
|
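Review bot: The `else` that now feeds the new `+ g_elog_2->count = 1;` line catches every extpol value other than TB_EXTPOL_EMBEDDED, including the 0 that TB_EXTPOL_AGILE still carries in tpm.h, so a stale or never-set extpol silently publishes a single-bank TPM2 event log instead of being rejected. I would make the fixed case explicit, `else if ( tpm->extpol == TB_EXTPOL_FIXED ) g_elog_2->count = 1;`, and log and fail on anything else; what the surrounding function does on error is not visible, so the failure path has to be chosen there. The enclosing function starts and ends outside the hunk.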
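Review bot: The new `os_sinit_data->flags = 1;` is a bare literal with nothing left to say which bit it sets; the removed conditional at least showed that 1 was the non-agile extend-policy choice, while the comment two lines above about PCR mapping selection appears to refer to the `pcr_map_*` capability fields cleared on the following lines rather than to `flags`, so a reader could conflate the two. A short comment on the new line would keep the intent visible, e.g. `os_sinit_data->flags = 1; /* extend policy: agile (0) is no longer supported */`, or a named constant if the project already has one for this field. The enclosing function starts and ends outside the hunk.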