security/tpm/tspi: Fix handling of white space delimited list

The current implementation uses strcmp() without splitting the list
and therefore returns false even when the string pointed to by
'name' is a part of 'whitelist'. The patch fixes this problem.
Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to
space delimited list to align it with the other lists we use.

Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
This commit is contained in:
harshit 2020-05-12 12:55:39 +05:30 committed by Patrick Georgi
parent fb6606b8db
commit aae1633069
2 changed files with 6 additions and 5 deletions

View File

@ -112,6 +112,6 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
depends on TPM_MEASURED_BOOT
help
Runtime data whitelist of cbfs filenames. Needs to be a
comma separated list
space delimited list
endmenu # Trusted Platform Module (tpm)

View File

@ -88,17 +88,18 @@ static bool is_runtime_data(const char *name)
const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
size_t name_len = strlen(name);
int i;
const char *end;
if (!whitelist_len || !name_len)
return false;
for (i = 0; (i + name_len) <= whitelist_len; i++) {
if (!strcmp(whitelist + i, name))
while ((end = strchr(whitelist, ' '))) {
if (end - whitelist == name_len && !strncmp(whitelist, name, name_len))
return true;
whitelist = end + 1;
}
return false;
return !strcmp(whitelist, name);
}
uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)