proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-08-13 23:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tpm: Fix eventlog replay for Intel TXT machines

Browse Source
This commit is contained in:
Kai Michaelis 2022-03-23 17:20:44 +01:00 committed by Richard Hughes
parent c6c64bd8dc
commit 0812ce5d20
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
plugins/tpm/fu-tpm-eventlog-common.c
View File

@ -149,6 +149,11 @@ fu_tpm_eventlog_blobstr(GBytes *blob)
g_bytes_get_size(blob));
}
typedef struct __attribute__((packed)) {
guint8 Signature[16];
guint8 StartupLocality;
} TCG_EfiStartupLocalityEvent;
GPtrArray *
fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
{
@ -175,6 +180,22 @@ fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
FuTpmEventlogItem *item = g_ptr_array_index(items, i);
if (item->pcr != pcr)
continue;
/* if TXT is enabled then the first event for PCR0 should be a StartupLocality */
if (item->kind == EV_NO_ACTION && item->pcr == 0 && item->blob != NULL && i == 0) {
gsize bufsz;
const guint8 *buf = g_bytes_get_data(item->blob, &bufsz);
if (bufsz == sizeof(TCG_EfiStartupLocalityEvent)) {
/* the final byte indicates the locality from which TPM2_Startup()
* was issued -- which is the initial value of PCR0 */
if (strncmp((const char *)buf, "StartupLocality", bufsz - 2) == 0) {
digest_sha256[TPM2_SHA256_DIGEST_SIZE - 1] = buf[bufsz - 1];
digest_sha1[TPM2_SHA1_DIGEST_SIZE - 1] = buf[bufsz - 1];
continue;
}
}
}
if (item->checksum_sha1 != NULL) {
g_autoptr(GChecksum) csum_sha1 = g_checksum_new(G_CHECKSUM_SHA1);
g_checksum_update(csum_sha1, (const guchar *)digest_sha1, digest_sha1_len);