From 9122999bfb952d1e48735b51f34acff531aafc7d Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Wed, 17 Jun 2020 13:27:48 -0500 Subject: [PATCH] tpm-eventlog: verify all algorithms, not just one of them This will help to suss out any problems that are specific to sha1 or sha256 eventlog calculation. --- plugins/tpm-eventlog/fu-plugin-tpm-eventlog.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/plugins/tpm-eventlog/fu-plugin-tpm-eventlog.c b/plugins/tpm-eventlog/fu-plugin-tpm-eventlog.c index e6e69577d..7d2951ea6 100644 --- a/plugins/tpm-eventlog/fu-plugin-tpm-eventlog.c +++ b/plugins/tpm-eventlog/fu-plugin-tpm-eventlog.c @@ -115,19 +115,25 @@ fu_plugin_device_registered_uefi (FuPlugin *plugin, FuDevice *device) for (guint i = 0; i < checksums->len; i++) { const gchar *checksum = g_ptr_array_index (checksums, i); + data->reconstructed = FALSE; for (guint j = 0; j < data->pcr0s->len; j++) { const gchar *checksum_tmp = g_ptr_array_index (data->pcr0s, j); + /* skip unless same algorithm */ + if (strlen (checksum) != strlen (checksum_tmp)) + continue; if (g_strcmp0 (checksum, checksum_tmp) == 0) { data->reconstructed = TRUE; - return; + break; } } + /* check at least one reconstruction for this algorithm */ + if (!data->reconstructed) { + fu_device_set_update_message (device, + "TPM PCR0 differs from reconstruction, " + "please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction"); + return; + } } - - /* urgh, this is unexpected */ - fu_device_set_update_message (device, - "TPM PCR0 differs from reconstruction, " - "please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction"); } void