security/tpm/tspi: Fix handling of white space delimited list
The current implementation uses strcmp() without splitting the list and therefore returns false even when the string pointed to by 'name' is a part of 'whitelist'. The patch fixes this problem. Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to space delimited list to align it with the other lists we use. Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3 Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
parent
fb6606b8db
commit
aae1633069
|
@ -112,6 +112,6 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
|
||||||
depends on TPM_MEASURED_BOOT
|
depends on TPM_MEASURED_BOOT
|
||||||
help
|
help
|
||||||
Runtime data whitelist of cbfs filenames. Needs to be a
|
Runtime data whitelist of cbfs filenames. Needs to be a
|
||||||
comma separated list
|
space delimited list
|
||||||
|
|
||||||
endmenu # Trusted Platform Module (tpm)
|
endmenu # Trusted Platform Module (tpm)
|
||||||
|
|
|
@ -88,17 +88,18 @@ static bool is_runtime_data(const char *name)
|
||||||
const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
|
const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
|
||||||
size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
|
size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
|
||||||
size_t name_len = strlen(name);
|
size_t name_len = strlen(name);
|
||||||
int i;
|
const char *end;
|
||||||
|
|
||||||
if (!whitelist_len || !name_len)
|
if (!whitelist_len || !name_len)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
for (i = 0; (i + name_len) <= whitelist_len; i++) {
|
while ((end = strchr(whitelist, ' '))) {
|
||||||
if (!strcmp(whitelist + i, name))
|
if (end - whitelist == name_len && !strncmp(whitelist, name, name_len))
|
||||||
return true;
|
return true;
|
||||||
|
whitelist = end + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return !strcmp(whitelist, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
|
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
|
||||||
|
|
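Review bot: The new loop in is_runtime_data() splits only on a single ' ' character, so a CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA value still written as the comma separated list the help text asked for until this commit is treated as one token and matches no file, with no build-time or boot-time indication. Since the result presumably decides how tspi_measure_cbfs_hook() classifies a file for measurement, a silent mismatch is worth guarding against: at minimum add a comment above the loop such as `/* Entries are separated by single spaces; commas and tabs are not delimiters. */`, and consider logging a warning when the configured string contains a ','. Separately, `end - whitelist == name_len` compares a ptrdiff_t with a size_t; `(size_t)(end - whitelist) == name_len` makes the intent explicit and avoids a sign-compare warning. The function's signature and opening brace lie outside the hunk and are visible only in the hunk header.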