[Tboot-changelog] changeset in code: Flush TPM context after loading objects for i...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

changeset be0a892edfc8 in /hg/p/tboot/code
details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=be0a892edfc8
description:
	Flush TPM context after loading objects for integrity verification

	This change is due to Intel PTT limitations. TPM's object memory capacity varies,
	but Intel PTT has been implemented according to minimum TPM requirements,
	which means that it has only enough memory slots to contain three objects.

	TBOOT might run into an issue of overflowing PTT's object memory and thus failing
	to verify memory integrity in S3 cycles - which would be quite a security flaw.

	Since those objects could be removed from TPM's object memory right after they're
	loaded into TBOOT's space - just that has been added into the flow.

diffstat:

 tboot/common/tpm_20.c |  48 +++++++++++++++++++++++++++---------------------
 1 files changed, 27 insertions(+), 21 deletions(-)

diffs (72 lines):

diff -r b06289220ef8 -r be0a892edfc8 tboot/common/tpm_20.c

--- a/tboot/common/tpm_20.c	Mon Dec 12 11:31:41 2022 +0100
+++ b/tboot/common/tpm_20.c	Mon Dec 12 11:35:49 2022 +0100
@@ -2096,6 +2096,27 @@
     
 }
 
+static bool tpm20_context_flush(struct tpm_if *ti, u32 locality, TPM_HANDLE handle)
+{
+    tpm_flushcontext_in in;
+    u32 ret;
+    
+    if ( ti == NULL || locality >= TPM_NR_LOCALITIES )
+        return false;
+    if ( handle == 0 )
+        return false;
+    in.flushHandle = handle;
+        ret = _tpm20_context_flush(locality, &in);
+    if ( ret != TPM_RC_SUCCESS ) {
+        printk(TBOOT_WARN"TPM: tpm2 context flush returned , return value = %08X\n", ret);
+        ti->error = ret;
+        return false;
+    }
+    else 
+        printk(TBOOT_WARN"TPM: tpm2 context flush successful, return value = %08X\n", ret);
+    return true;
+}	
+
 
 TPM_CMD_SESSION_DATA_IN pw_session;
 static void create_pw_session(TPM_CMD_SESSION_DATA_IN *ses)
@@ -2513,6 +2534,12 @@
     *secret_size = unseal_out.data.t.size;
     tb_memcpy(secret, &(unseal_out.data.t.buffer[0]), *secret_size);
 
+    if ( !tpm20_context_flush(ti, locality, load_out.obj_handle) ) {
+        printk(TBOOT_WARN"TPM: Failed to flush context\n");
+        ti->error = ret;
+        return false;
+    }
+
     return true;
 }
 
@@ -2693,27 +2720,6 @@
     return true;
 }	
 
-static bool tpm20_context_flush(struct tpm_if *ti, u32 locality, TPM_HANDLE handle)
-{
-    tpm_flushcontext_in in;
-    u32 ret;
-    
-    if ( ti == NULL || locality >= TPM_NR_LOCALITIES )
-        return false;
-    if ( handle == 0 )
-        return false;
-    in.flushHandle = handle;
-        ret = _tpm20_context_flush(locality, &in);
-    if ( ret != TPM_RC_SUCCESS ) {
-        printk(TBOOT_WARN"TPM: tpm2 context flush returned , return value = %08X\n", ret);
-        ti->error = ret;
-        return false;
-    }
-    else 
-        printk(TBOOT_WARN"TPM: tpm2 context flush successful, return value = %08X\n", ret);
-    return true;
-}	
-
 static bool tpm20_init(struct tpm_if *ti)
 {
     u32 ret;


