author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2016-11-01 20:40:26 -0200 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2016-11-02 17:07:27 +1100 |
commit | ddfc16d1275e7a2354913b3b3c2df6f0aa9f31ee (patch) | |
tree | 9cc42f505620982e8ee60a37bf58eda25bbd7279 /libstb | |
parent | f9f3d0e2b20e01c32baf6546137dc9cdf0bc516e (diff) | |
tpm_extendl: log the calling results
Currently, the tpm_extendl() results are logged by the caller, but
tpm_extendl() walks through all the registered tpm_chips and consequently
multiple tpm_chips can fail.
This turns the logging over to tpm_extendl(), which now logs how many
tpm_chips successfully measured and failed to measure a given data.
Another option would be to provide the caller the number of tpm_chips
that failed and successfully measured the data, but the caller will use
this information only for logging.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
-rw-r--r-- | libstb/stb.c | 28 | ||||
-rw-r--r-- | libstb/tpm_chip.c | 8 |
2 files changed, 19 insertions, 17 deletions
diff --git a/libstb/stb.c b/libstb/stb.c
index be68a50..4a9aa88 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -163,7 +163,11 @@ void stb_init(void)
 int stb_final(void)
 {
 	uint32_t pcr;
-	int rc = 0;
+	int rc;
+	bool failed;
+
+	rc = 0;
+	failed = false;
 
 	if (trusted_mode) {
 #ifdef STB_DEBUG
@@ -186,9 +190,7 @@ int stb_final(void)
 					 TPM_ALG_SHA1_SIZE, EV_SEPARATOR,
 					 "Skiboot Boot");
 			if (rc)
-				return rc;
-			prlog(PR_NOTICE, "STB: 0xFFFFFFFF measured "
-			      "to pcr%d\n", pcr);
+				failed = true;
 		}
 		tpm_add_status_property();
 	}
@@ -199,16 +201,15 @@ int stb_final(void)
 	tpm_cleanup();
 	secure_mode = false;
 	trusted_mode = false;
-	return rc;
+	return (failed) ? STB_MEASURE_FAILED : 0;
 }
 
 int tb_measure(enum resource_id id, void *buf, size_t len)
 {
-	int rc, r;
+	int r;
 	uint8_t digest[SHA512_DIGEST_LENGTH];
 	const uint8_t *digestp;
 
-	rc = 0;
 	digestp = NULL;
 	if (!trusted_mode) {
 		prlog(PR_NOTICE, "STB: %s skipped resource %d, "
@@ -284,15 +285,10 @@ int tb_measure(enum resource_id id, void *buf, size_t len)
 	 * algorithm, the sha512 hash is truncated to match the size required
 	 * by each PCR bank.
 	 */
-	rc = tpm_extendl(resource_map[r].pcr,
-			 TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
-			 TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE,
-			 EV_ACTION, resource_map[r].name);
-	if (rc)
-		return rc;
-	prlog(PR_NOTICE, "STB: %s measured to pcr%d\n", resource_map[r].name,
-	      resource_map[r].pcr);
-	return 0;
+	return tpm_extendl(resource_map[r].pcr,
+			   TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
+			   TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE,
+			   EV_ACTION, resource_map[r].name);
 }
 
 int sb_verify(enum resource_id id, void *buf, size_t len)
diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c
index 93a8e04..d387ea0 100644
--- a/libstb/tpm_chip.c
+++ b/libstb/tpm_chip.c
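Review bot: The new declarations in stb_final split initialization from declaration, `int rc; bool failed;` followed two lines later by `rc = 0; failed = false;`, where the removed `int rc = 0;` already had the better form. `int rc = 0;` and `bool failed = false;` at the declaration keep both variables initialized from their first line and drop the two assignment lines and the blank between them. The same applies to `measured = 0; failed = 0;` in the tpm_chip.c hunk at @@ -226, where `int rc, measured = 0, failed = 0;` would do. stb_final's body continues past the end of this hunk.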
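Review bot: Replacing `return rc;` with `failed = true;` changes control flow as well as logging: a failed extend no longer leaves what is presumably the loop over `pcr`, so the remaining PCRs are still extended, and the `tpm_cleanup()` / `trusted_mode = false` sequence at the end of stb_final (third hunk) now runs on the failure path too, which the commit message does not say. Continuing is the right call — a failure on one PCR's separator should not skip the separator on the others — but it deserves a comment on the new line so the early return is not "restored" later, e.g. `/* keep going: extend the separator into every PCR, report failure once at the end */`. The enclosing loop and the tpm_extendl() call it wraps start outside this hunk.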
@@ -226,10 +226,11 @@ int tpm_extendl(TPM_Pcr pcr,
 		TPM_Alg_Id alg2, uint8_t* digest2, size_t size2,
 		uint32_t event_type, const char* event_msg)
 {
-	int rc, failed;
+	int rc, measured, failed;
 	TCG_PCR_EVENT2 event;
 	struct tpm_chip *tpm = NULL;
 
+	measured = 0;
 	failed = 0;
 
 	list_for_each(&tpm_list, tpm, link) {
@@ -297,7 +298,12 @@ int tpm_extendl(TPM_Pcr pcr,
 			tpm_print_pcr(tpm, pcr, alg2, size2);
 		}
 #endif
+		measured++;
 	}
+
+	prlog(PR_NOTICE, "TPM: %s (pcr%d) measured on %d tpms and "
+	      "failed on %d tpms\n", event_msg, pcr, measured, failed);
+
 	if (failed > 0)
 		return STB_MEASURE_FAILED;
 	return 0;
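Review bot: The new summary line is logged at PR_NOTICE whatever the outcome, so a chip that failed to extend — the case that matters for attestation, since that TPM's PCR no longer reflects what was booted — is reported at the same level as success and can be filtered out at default verbosity; `prlog((failed > 0) ? PR_ERR : PR_NOTICE, "TPM: %s (pcr%d) measured on %d tpms and "` on the first line of the call keeps the single message but escalates it when anything failed. Separately, with no chip in tpm_list both counters stay 0 and the function still returns 0, so "measured on 0 tpms and failed on 0 tpms" is reported as success; if that path is reachable (the hunk does not show whether callers are gated on a registered chip), it should be treated as a failure or at least be obvious in the log. tpm_extendl's body begins before this hunk.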