GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/tpm: Fix TPM software stack vulnerability 

* Fix tlcl_read() for TPM 1.2
* https://github.com/nccgroup/TPMGenie

Change-Id: I1618b2cc579d189bccca7a781e2bed0976a8b471
Signed-off-by: zaolin <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/25184
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
zaolin 2018-03-15 00:39:55 +01:00 committed by Martin Roth
parent 4e0b47a5ed
commit 1356d6288b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/security/tpm/tss/tcg-1.2/tss.c
View File

@ -238,6 +238,8 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
if (result == TPM_SUCCESS && length > 0) {
uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
from_tpm_uint32(nv_read_cursor, &result_length);
if (result_length > length)
return TPM_E_IOERROR;
nv_read_cursor += sizeof(uint32_t);
memcpy(data, nv_read_cursor, result_length);
}
@ -300,7 +302,8 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
if (result != TPM_SUCCESS)
return result;
from_tpm_uint32(response + kTpmResponseHeaderLength, &size);
assert(size == sizeof(TPM_PERMANENT_FLAGS));
if (size != sizeof(TPM_PERMANENT_FLAGS))
return TPM_E_IOERROR;
memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size),
sizeof(TPM_PERMANENT_FLAGS));
return result;