| author | Javier Martinez Canillas <javierm@redhat.com> | 2017-06-15 15:16:06 +0200 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2017-06-15 11:30:22 -0400 |
| commit | 55c65546e46a78edbe41e88cb4ccbd2522e09625 (patch) | |
| tree | bc85070e49593ce0ab0a7c235ed15e1d0e7e8c85 /Cryptlib/OpenSSL/crypto/modes/cbc128.c | |
| parent | 0baa915056b6dc3dbea51c045e1e3ef8a0d86a08 (diff) | |
| download | efi-boot-shim-55c65546e46a78edbe41e88cb4ccbd2522e09625.tar.gz efi-boot-shim-55c65546e46a78edbe41e88cb4ccbd2522e09625.zip | |
shim/tpm: Avoid passing an unsupported event log format to GetEventLogs()

The TCG EFI Protocol Specification for family "2.0" mentions that not all
TPM2 chips may support the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 (crypto agile)
log format. So instead of always using this log format, the GetCapability()
function should be used to determine which format is supported by the TPM.

For example, the Intel PTT firmware based TPM found in Lenovo Thinkpad X1
Carbon (4th gen) only supports the SHA-1 (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2)
log format. So a call to GetEventLog() using the crypto agile format was
returning EFI_INVALID_PARAMETER, making the tpm_log_event() function fail.

This was preventing shim from correctly measuring the second stage bootloader:

    $ tpm2_listpcrs -L 0x04:9
    Bank/Algorithm: TPM_ALG_SHA1(0x0004)
    PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

After passing a supported log format to GetEventLog(), it succeeds and so
shim is able to call the HashLogExtendEvent() EFI function correctly:

    $ tpm2_listpcrs -L 0x04:9
    Bank/Algorithm: TPM_ALG_SHA1(0x0004)
    PCR_09: 07 5a 7e d3 75 64 ad 91 1a 34 17 17 c2 34 10 2b 58 5b de b7

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/modes/cbc128.c')
0 files changed, 0 insertions, 0 deletions
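The format selection the commit message describes, as an added example that is not shim's code: a mocked firmware advertises only the SHA-1 log format, and the hardcoded request fails where the capability-driven one succeeds. The `mock_tcg2` model, the `status` enum, the function names and the preference for the crypto agile format are assumptions of this example; only the two format constants come from the TCG specification.

```c
#include <stdint.h>
#include <stdio.h>

/* Format bits from the TCG EFI Protocol Specification (family "2.0"). */
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001u /* SHA-1 only log */
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2   0x00000002u /* crypto agile log */

/* Constructed stand-ins for EFI_STATUS values; not the real UEFI encodings. */
enum status { ST_SUCCESS, ST_INVALID_PARAMETER, ST_UNSUPPORTED };

/* Hypothetical firmware model: only the SupportedEventLogs bitmap that
 * GetCapability() reports is represented. */
struct mock_tcg2 { uint32_t supported_event_logs; };

/* Mock GetEventLog(): rejects any format the firmware did not advertise. */
static enum status mock_get_event_log(const struct mock_tcg2 *fw, uint32_t fmt)
{
    if (fmt == 0 || (fmt & (fmt - 1)) != 0)   /* need exactly one format bit */
        return ST_INVALID_PARAMETER;
    if ((fw->supported_event_logs & fmt) == 0)
        return ST_INVALID_PARAMETER;
    return ST_SUCCESS;
}

/* Pick one advertised format; preferring crypto agile is this example's choice. */
static uint32_t pick_log_format(uint32_t supported)
{
    if (supported & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
        return EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
    if (supported & EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2)
        return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
    return 0;                                 /* nothing usable advertised */
}

/* Failing behaviour from the commit message: the format is hardcoded. */
static enum status log_event_hardcoded(const struct mock_tcg2 *fw)
{
    return mock_get_event_log(fw, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2);
}

/* Capability-driven variant: query first, then request a supported format. */
static enum status log_event_negotiated(const struct mock_tcg2 *fw)
{
    uint32_t fmt = pick_log_format(fw->supported_event_logs);
    return fmt ? mock_get_event_log(fw, fmt) : ST_UNSUPPORTED;
}

int main(void)
{
    struct mock_tcg2 sha1_only = { EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 };
    printf("hardcoded=%d negotiated=%d\n",
           log_event_hardcoded(&sha1_only), log_event_negotiated(&sha1_only));
    return 0;
}
```

When the bitmap is empty the negotiated path returns a distinct status, so a caller can tell "no log format available" apart from a rejected request.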
