From 069449e4276c34ab539a11c5862a1ed4a945dd66 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 14 Oct 2019 08:49:41 -0500 Subject: [PATCH] trivial: uefi: don't add PCRs with all 0's I was seeing on a CML laptop with a Nuvoton TPM the following which is definitely wrong: ``` Checksum: SHA1(791183aa2c4993dfaf75e95c91bdad067ac2cce1) Checksum: SHA256(8a0656fe0024cc3300cc4dc8af4fc336112a51013aeb74b21c138ed116bb8691) Checksum: SHA1(000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) ``` --- plugins/uefi/fu-uefi-pcrs.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/plugins/uefi/fu-uefi-pcrs.c b/plugins/uefi/fu-uefi-pcrs.c index 818c81459..f7b0ce15e 100644 --- a/plugins/uefi/fu-uefi-pcrs.c +++ b/plugins/uefi/fu-uefi-pcrs.c @@ -161,14 +161,17 @@ fu_uefi_pcrs_setup_tpm20 (FuUefiPcrs *self, GError **error) str = g_string_new (NULL); for (guint j = 0; j < pcr_values->digests[i].size; j++) { - g_string_append_printf (str, "%02x", pcr_values->digests[i].buffer[j]); + gint64 val = pcr_values->digests[i].buffer[j]; + if (val > 0) + g_string_append_printf (str, "%02x", pcr_values->digests[i].buffer[j]); + } + if (str->len > 0) { + item = g_new0 (FuUefiPcrItem, 1); + item->idx = 0; /* constant PCR index 0, since we only read this single PCR */ + item->checksum = g_string_free (g_steal_pointer (&str), FALSE); + g_ptr_array_add (self->items, item); + g_debug ("added PCR-%02u=%s", item->idx, item->checksum); } - - item = g_new0 (FuUefiPcrItem, 1); - item->idx = 0; /* constant PCR index 0, since we only read this single PCR */ - item->checksum = g_string_free (g_steal_pointer (&str), FALSE); - g_ptr_array_add (self->items, item); - g_debug ("added PCR-%02u=%s", item->idx, item->checksum); } /* success */