security/tpm/tspi: Fix handling of white space delimited list

The current implementation uses strcmp() without splitting the list and therefore returns false even when the string pointed to by 'name' is a part of 'whitelist'. The patch fixes this problem. Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to space delimited list to align it with the other lists we use. Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3 Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-05-12 12:55:39 +05:30 · 2020-05-12 12:55:39 +05:30 · aae1633069
parent fb6606b8db
commit aae1633069
2 changed files with 6 additions and 5 deletions
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@ -112,6 +112,6 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
 	depends on TPM_MEASURED_BOOT
 	help
 	  Runtime data whitelist of cbfs filenames. Needs to be a
-	  comma separated list
+	  space delimited list

 endmenu # Trusted Platform Module (tpm)
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@ -88,17 +88,18 @@ static bool is_runtime_data(const char *name)
 	const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
 	size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
 	size_t name_len = strlen(name);
-	int i;
+	const char *end;

 	if (!whitelist_len || !name_len)
 		return false;

-	for (i = 0; (i + name_len) <= whitelist_len; i++) {
-		if (!strcmp(whitelist + i, name))
+	while ((end = strchr(whitelist, ' '))) {
+		if (end - whitelist == name_len && !strncmp(whitelist, name, name_len))
 			return true;
+		whitelist = end + 1;
 	}

-	return false;
+	return !strcmp(whitelist, name);
 }

 uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)