security/tpm: Improve TCPA log generation

* Make tcpa_log_init static and move init code into the tcpa_log_add_table_entry routine. * Add more checks for log initialization. * Fix minor issues Change-Id: I215d79eed7ad17c6ab87f0c4b14a282e519ef07d Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/27769 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-08-01 06:26:00 +02:00 · 2018-08-01 06:26:00 +02:00 · bce49c2304
parent 0a0340e42e
commit bce49c2304
5 changed files with 26 additions and 34 deletions
--- a/src/commonlib/include/commonlib/tcpa_log_serialized.h
+++ b/src/commonlib/include/commonlib/tcpa_log_serialized.h
@ -29,7 +29,7 @@ struct tcpa_entry {
 	uint32_t pcr;
 	uint8_t digest[TCPA_DIGEST_MAX_LENGTH];
 	uint32_t digest_length;
-	uint8_t name[TCPA_PCR_HASH_NAME];
+	char name[TCPA_PCR_HASH_NAME];
 } __packed;
 struct tcpa_table {
--- a/src/drivers/tpm/tpm.c
+++ b/src/drivers/tpm/tpm.c
@ -30,9 +30,6 @@ static void init_tpm_dev(void *unused)
 #else
 	tpm_setup(false);
 #endif
 	// TCPA cbmem log
 	tcpa_log_init();
 }
 BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, init_tpm_dev, NULL);
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@ -20,11 +20,6 @@
 #include <security/tpm/tss.h>
 #include <commonlib/tcpa_log_serialized.h>
 /**
 * Setup TCPA cbmem log.
 */
 void tcpa_log_init(void);
 /**
 * Add table entry for cbmem TCPA log.
 */
--- a/src/security/tpm/tspi/log.c
+++ b/src/security/tpm/tspi/log.c
@ -18,47 +18,45 @@
 #include <console/console.h>
 #include <security/tpm/tspi.h>
-void tcpa_log_init(void)
+static struct tcpa_table *tcpa_log_init(void)
 {
-	const struct cbmem_entry *ce;
+	MAYBE_STATIC struct tcpa_table *tclt = NULL;
 	struct tcpa_table *tclt;
 	if (!cbmem_possibly_online())
-		return;
+		return NULL;
-	ce = cbmem_entry_find(CBMEM_ID_TCPA_LOG);
+	if (tclt != NULL)
-	if (ce)
+		return tclt;
-		return;
+
 	tclt = (struct tcpa_table *) cbmem_entry_find(CBMEM_ID_TCPA_LOG);
 	if (tclt)
 		return tclt;
 	tclt = cbmem_add(CBMEM_ID_TCPA_LOG,
 			 sizeof(struct tcpa_table) +
 			 MAX_TCPA_LOG_ENTRIES *
 			 sizeof(struct tcpa_entry));
-	if (!tclt)
+	if (!tclt) {
-		return;
+		printk(BIOS_ERR, "ERROR: Could not create TCPA log table\n");
 		return NULL;
 	}
 	tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
 	tclt->num_entries = 0;
 	printk(BIOS_DEBUG, "TCPA log created at %p\n", tclt);
 	return tclt;
 }
 void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
 			      const uint8_t *digest, const size_t digest_length)
 {
-	MAYBE_STATIC struct tcpa_table *tclt = NULL;
+	struct tcpa_table *tclt;
 	struct tcpa_entry *tce;
-	if (!cbmem_possibly_online())
+	tclt = tcpa_log_init();
 		return;
 	tclt = cbmem_find(CBMEM_ID_TCPA_LOG);
 	if (!tclt) {
 		printk(BIOS_ERR, "ERROR: No TCPA log table found\n");
 		return;
 	}
 	if (tclt->num_entries == tclt->max_entries) {
 		printk(BIOS_WARNING, "ERROR: TCPA log table is full\n");
 		return;
@ -66,8 +64,13 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
 	tce = &tclt->entries[tclt->num_entries++];
-	memcpy(tce->name, name, TCPA_PCR_HASH_NAME);
+	strncpy(tce->name, name, TCPA_PCR_HASH_NAME - 1);
 	tce->pcr = pcr;
 	if (digest_length > TCPA_DIGEST_MAX_LENGTH) {
 		printk(BIOS_WARNING, "ERROR: PCR digest too long for TCPA log entry\n");
 		return;
 	}
 	memcpy(tce->digest, digest, digest_length);
 	tce->digest_length = digest_length;
 }
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@ -451,9 +451,6 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx)
 	if (result == TPM_E_MUST_REBOOT)
 		ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
 	// TCPA cbmem log
 	tcpa_log_init();
 	return result;
 }