tpm2: Define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL and use it

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
tpm2: Add missing ADD_FLAG to X509Certificate definition
2025-08-26 13:14:36 +00:00 · 2025-08-06 15:49:41 -04:00 · 2025-08-06 15:49:41 -04:00 · 2025-08-06 13:55:46 -04:00
4 changed files with 43 additions and 40 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -247,7 +247,7 @@ libtpms_tpm2_la_SOURCES = \
 	tpm2/PCR.c \
 	tpm2/PlatformACT.c \
 	tpm2/PlatformData.c \
-	tpm2/PlatformPCR.c \
+	tpm2/PlatformPcr.c \
 	tpm2/Policy_spt.c \
 	tpm2/Power.c \
 	tpm2/PowerPlat.c \
--- a/src/tpm2/CommandDispatchData.h
+++ b/src/tpm2/CommandDispatchData.h
@ -111,7 +111,9 @@ const _UNMARSHAL_T_ unmarshalArray[] = {
            UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT),
 #define TPMI_RH_NV_AUTH_H_UNMARSHAL             (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH),
-#define TPMI_RH_NV_INDEX_H_UNMARSHAL            (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1)
+#define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL    (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1)
+            UNMARSHAL_DISPATCH(TPMI_RH_NV_DEFINED_INDEX),
+#define TPMI_RH_NV_INDEX_H_UNMARSHAL      (TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX),
 #define TPMI_RH_PLATFORM_H_UNMARSHAL            (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM),
@ -2251,7 +2253,7 @@ CertifyX509_COMMAND_DESCRIPTOR_t _CertifyX509Data = {
                                 (UINT16)(offsetof(CertifyX509_Out, tbsDigest)),
                                 (UINT16)(offsetof(CertifyX509_Out, signature))},
    /* types         */         {TPMI_DH_OBJECT_H_UNMARSHAL,
-                                 TPMI_DH_OBJECT_H_UNMARSHAL,
+                                 TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG,
                                 TPM2B_DATA_P_UNMARSHAL,
                                 TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG,
                                 TPM2B_MAX_BUFFER_P_UNMARSHAL,
@ -4493,7 +4495,7 @@ NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = {
    /* offsetOfTypes */         offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types),
    /* offsets       */         {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))},
    /* types         */         {TPMI_RH_PROVISION_H_UNMARSHAL,
-                                 TPMI_RH_NV_INDEX_H_UNMARSHAL,
+                                 TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL,
                                 END_OF_LIST,
                                 END_OF_LIST}
 };
@ -4527,7 +4529,7 @@ NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = {
    /* outSize       */         0,
    /* offsetOfTypes */         offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types),
    /* offsets       */         {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))},
-    /* types         */         {TPMI_RH_NV_INDEX_H_UNMARSHAL,
+    /* types         */         {TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL,
                                 TPMI_RH_PLATFORM_H_UNMARSHAL,
                                 END_OF_LIST,
                                 END_OF_LIST}
--- a/src/tpm2/PlatformPcr.c
+++ b/src/tpm2/PlatformPcr.c
@ -58,13 +58,14 @@
 /*										*/
 /********************************************************************************/

+
 // PCR platform interface functions
 #include "Platform.h"
 #include "TpmAlgorithmDefines.h"

 // use this as a convenient lookup for hash size for PCRs.
 UINT16 CryptHashGetDigestSize(TPM_ALG_ID hashAlg  // IN: hash algorithm to look up
-			      );
+);
 void   MemorySet(void* dest, int value, size_t size);

 // The initial value of PCR attributes.  The value of these fields should be
@ -76,12 +77,12 @@ static const PCR_Attributes s_initAttributes[] = {
    // PCR 0 - 15, static RTM
    // PCR[0]
    {
-	1,  // save state
-	0,  // in the "do not increment the PcrCounter" group? (0 = increment the PcrCounter)
-	0,  // supportsPolicyAuth group number? 0 = policyAuth not supported for this PCR.
-	0,  // supportsAuthValue group number? 0 = AuthValue not supported for this PCR.
-	0,    // 0 = reset localities (cannot reset)
-	0x1F  // 0x1F = extendlocalities [0,4]
+        1,  // save state
+        0,  // in the "do not increment the PcrCounter" group? (0 = increment the PcrCounter)
+        0,  // supportsPolicyAuth group number? 0 = policyAuth not supported for this PCR.
+        0,  // supportsAuthValue group number? 0 = AuthValue not supported for this PCR.
+        0,    // 0 = reset localities (cannot reset)
+        0x1F  // 0x1F = extendlocalities [0,4]
    },
    {1, 0, 0, 0, 0, 0x1F},  // PCR 1-3
    {1, 0, 0, 0, 0, 0x1F},
@ -100,17 +101,17 @@ static const PCR_Attributes s_initAttributes[] = {
    {1, 0, 0, 0, 0, 0x1F},

    // these PCRs are never saved
-    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 16, Debug, reset allowed, extend all
+    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 16, Debug, reset allowed, extend all		// libtpms changed
    {0, 0, 0, 0, 0x10, 0x1C},  // PCR 17, Locality 4, extend loc 2+
    {0, 0, 0, 0, 0x10, 0x1C},  // PCR 18, Locality 3, extend loc 2+
    {0, 0, 0, 0, 0x10, 0x0C},  // PCR 19, Locality 2, extend loc 2, 3
    // these three support doNotIncrement, PolicyAuth, and AuthValue.
    // this is consistent with the existing behavior of the TPM Reference code
    // but differs from the behavior of the PC client spec.
-    {0, 0, 0, 0, 0x1C, 0x0E},  // PCR 20, Locality 1, extend loc 1, 2, 3
+    {0, 0, 0, 0, 0x1C, 0x0E},  // PCR 20, Locality 1, extend loc 1, 2, 3		// libtpms changed begin
    {0, 1, 0, 0, 0x1C, 0x04},  // PCR 21, Dynamic OS, extend loc 2
    {0, 1, 0, 0, 0x1C, 0x04},  // PCR 22, Dynamic OS, extend loc 2
-    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 23, reset allowed, App specific, extend all
+    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 23, reset allowed, App specific, extend all	// libtpms changed end
 };

 #ifndef ARRAYSIZE
@ -158,9 +159,9 @@ UINT32 _platPcr__NumberOfPcrs()
 PCR_Attributes _platPcr__GetPcrInitializationAttributes(UINT32 pcrNumber)
 {
    if(pcrNumber >= _platPcr__NumberOfPcrs())
-	{
-	    pcrNumber = 0;
-	}
+    {
+        pcrNumber = 0;
+    }
    return s_initAttributes[pcrNumber];
 }

@ -168,13 +169,13 @@ PCR_Attributes _platPcr__GetPcrInitializationAttributes(UINT32 pcrNumber)
 BOOL _platPcr_IsPcrBankDefaultActive(TPM_ALG_ID pcrAlg)
 {
    // brute force search is fast enough for a small array.
-    for(size_t i = 0; i < ARRAYSIZE(DefaultActivePcrBanks); i++)
-	{
-	    if(DefaultActivePcrBanks[i] == pcrAlg)
-		{
-		    return TRUE;
-		}
-	}
+    for(size_t i = 0; i < ARRAYSIZE(DefaultActivePcrBanks); i++)	// libtpms changed
+    {
+        if(DefaultActivePcrBanks[i] == pcrAlg)
+        {
+            return TRUE;
+        }
+    }
    return FALSE;
 }

@ -186,13 +187,13 @@ BOOL _platPcr_IsPcrBankDefaultActive(TPM_ALG_ID pcrAlg)
 // If the buffer is not large enough for a pcr consistent with pcrAlg, then the
 // platform will return TPM_RC_FAILURE.
 TPM_RC _platPcr__GetInitialValueForPcr(
-				       UINT32     pcrNumber,        // IN: PCR to be initialized
-				       TPM_ALG_ID pcrAlg,           // IN: Algorithm of the PCR Bank being initialized
-				       BYTE       startupLocality,  // IN: locality where startup is being called from
-				       BYTE*      pcrData,          // OUT: buffer to put PCR initialization value into
-				       uint16_t   bufferSize,       // IN: maximum size of value buffer can hold
-				       uint16_t*  pcrLength  // OUT: size of initialization value returned in pcrBuffer
-				       )
+    UINT32     pcrNumber,        // IN: PCR to be initialized
+    TPM_ALG_ID pcrAlg,           // IN: Algorithm of the PCR Bank being initialized
+    BYTE       startupLocality,  // IN: locality where startup is being called from
+    BYTE*      pcrData,          // OUT: buffer to put PCR initialization value into
+    uint16_t   bufferSize,       // IN: maximum size of value buffer can hold
+    uint16_t*  pcrLength  // OUT: size of initialization value returned in pcrBuffer
+)
 {
    // If the reset locality contains locality 4, then this
    // indicates a DRTM PCR where the reset value is all ones,
@ -204,18 +205,18 @@ TPM_RC _platPcr__GetInitialValueForPcr(
    pAssert_RC(bufferSize >= pcrSize) pAssert_RC(pcrLength != NULL);

    PCR_Attributes pcrAttributes =
-	_platPcr__GetPcrInitializationAttributes(pcrNumber);
+        _platPcr__GetPcrInitializationAttributes(pcrNumber);
    BYTE defaultValue = 0;
    // PCRs that can be cleared from locality 4 are DRTM and initialize to all 0xFF
    if((pcrAttributes.resetLocality & 0x10) != 0)
-	{
-	    defaultValue = 0xFF;
-	}
+    {
+        defaultValue = 0xFF;
+    }
    MemorySet(pcrData, defaultValue, pcrSize);
    if(pcrNumber == HCRTM_PCR)
-	{
-	    pcrData[pcrSize - 1] = startupLocality;
-	}
+    {
+        pcrData[pcrSize - 1] = startupLocality;
+    }

    // platform could provide a value here if the platform has initialization rules
    // different from the original PC Client spec (the default used by the Core library).
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@ -1188,7 +1188,6 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
 }

 /* Table 67 - Definition of (TPM_HANDLE) TPMI_RH_NV_DEFINED_INDEX Type <IN> */
-#if 0							// libtpms added
 TPM_RC
 TPMI_RH_NV_DEFINED_INDEX_Unmarshal(TPMI_RH_NV_DEFINED_INDEX *target, BYTE **buffer, INT32 *size)
 {
@ -1215,6 +1214,7 @@ TPMI_RH_NV_DEFINED_INDEX_Unmarshal(TPMI_RH_NV_DEFINED_INDEX *target, BYTE **buff
    return rc;
 }

+#if 0
 /* Table 68 - Definition of (TPM_HANDLE) TPMI_RH_NV_LEGACY_INDEX Type <IN/OUT> */
 TPM_RC
 TPMI_RH_NV_LEGACY_INDEX_Unmarshal(TPMI_RH_NV_LEGACY_INDEX *target, BYTE **buffer, INT32 *size)
Author	SHA1	Message	Date
Stefan Berger	8896d3d7c8	tpm2: Define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL and use it Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-06 15:49:41 -04:00
Stefan Berger	393da43828	tpm2: Add missing ADD_FLAG to X509Certificate definition Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-06 15:49:41 -04:00
Stefan Berger	e7e8c38281	tpm2: Rename PlatformPCR.c to PlatformPcr.c and sync Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-06 13:55:46 -04:00