[Skiboot] [PATCH v2 2/3] tpm_extendl: log the calling results

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Wed Nov 2 09:40:26 AEDT 2016


Currently, the tpm_extendl() results are logged by the caller, but
tpm_extendl() walks through all the tpm_chip registered and consequently
multiple tpm_chips can fail.

This moves the logging into tpm_extendl(), which now logs how many
tpm_chips measured the given data successfully and how many failed.

Another option would be to provide the caller the number of tpm_chips
that failed and successfully measured the data, but the caller will use
this information only for logging.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 libstb/stb.c      | 28 ++++++++++++----------------
 libstb/tpm_chip.c |  8 +++++++-
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/libstb/stb.c b/libstb/stb.c
index be68a50..4a9aa88 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -163,7 +163,11 @@ void stb_init(void)
 int stb_final(void)
 {
 	uint32_t pcr;
-	int rc = 0;
+	int rc;
+	bool failed;
+
+	rc = 0;
+	failed = false;
 
 	if (trusted_mode) {
 #ifdef STB_DEBUG
@@ -186,9 +190,7 @@ int stb_final(void)
 					TPM_ALG_SHA1_SIZE, EV_SEPARATOR,
 					"Skiboot Boot");
 			if (rc)
-				return rc;
-			prlog(PR_NOTICE, "STB: 0xFFFFFFFF measured "
-			      "to pcr%d\n", pcr);
+				failed = true;
 		}
 		tpm_add_status_property();
 	}
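Review bot: A failed EV_SEPARATOR extend no longer stops stb_final(): `failed = true` lets the function carry on to tpm_add_status_property() with that PCR possibly left without its separator, and the only signal is the STB_MEASURE_FAILED return in the next hunk. The caller's handling of that return value is therefore the sole enforcement point; the caller is not visible here, so it is worth confirming that it does not ignore the result. The intent also deserves a comment above the check, e.g. `/* keep going so the remaining PCRs still get the separator and cleanup runs; failure is reported on return */`. The enclosing loop starts outside this hunk, so the per-PCR reading is inferred from the `pcr` variable.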
@@ -199,16 +201,15 @@ int stb_final(void)
 	tpm_cleanup();
 	secure_mode = false;
 	trusted_mode = false;
-	return rc;
+	return (failed) ? STB_MEASURE_FAILED : 0;
 }
 
 int tb_measure(enum resource_id id, void *buf, size_t len)
 {
-	int rc, r;
+	int r;
 	uint8_t digest[SHA512_DIGEST_LENGTH];
 	const uint8_t *digestp;
 
-	rc = 0;
 	digestp = NULL;
 	if (!trusted_mode) {
 		prlog(PR_NOTICE, "STB: %s skipped resource %d, "
@@ -284,15 +285,10 @@ int tb_measure(enum resource_id id, void *buf, size_t len)
 	 * algorithm, the sha512 hash is truncated to match the size required
 	 * by each PCR bank.
 	 */
-	rc = tpm_extendl(resource_map[r].pcr,
-			 TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
-			 TPM_ALG_SHA1,   digest, TPM_ALG_SHA1_SIZE,
-			 EV_ACTION, resource_map[r].name);
-	if (rc)
-		return rc;
-	prlog(PR_NOTICE, "STB: %s measured to pcr%d\n", resource_map[r].name,
-	      resource_map[r].pcr);
-	return 0;
+	return tpm_extendl(resource_map[r].pcr,
+			   TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
+			   TPM_ALG_SHA1,   digest, TPM_ALG_SHA1_SIZE,
+			   EV_ACTION, resource_map[r].name);
 }
 
 int sb_verify(enum resource_id id, void *buf, size_t len)
diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c
index d4075bd..65ab290 100644
--- a/libstb/tpm_chip.c
+++ b/libstb/tpm_chip.c
@@ -227,10 +227,11 @@ int tpm_extendl(TPM_Pcr pcr,
 		TPM_Alg_Id alg2, uint8_t* digest2, size_t size2,
 		uint32_t event_type, const char* event_msg)
 {
-	int rc, failed;
+	int rc, measured, failed;
 	TCG_PCR_EVENT2 event;
 	struct tpm_chip *tpm = NULL;
 
+	measured = 0;
 	failed = 0;
 
 	list_for_each(&tpm_list, tpm, link) {
@@ -298,7 +299,12 @@ int tpm_extendl(TPM_Pcr pcr,
 			tpm_print_pcr(tpm, pcr, alg2, size2);
 		}
 #endif
+		measured++;
 	}
+
+	prlog(PR_NOTICE, "TPM: %s (pcr%d) measured on %d tpms and "
+	      "failed on %d tpms\n", event_msg, pcr, measured, failed);
+
 	if (failed > 0)
 		return STB_MEASURE_FAILED;
 	return 0;
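Review bot: tpm_extendl() still returns 0 when `measured` is 0 and `failed` is 0, so a measurement that reached no TPM at all is reported to the caller as success and leaves only "measured on 0 tpms and failed on 0 tpms" at PR_NOTICE. Whether that can happen depends on the loop body, which is outside this hunk (an empty tpm_list would do it, and chips skipped earlier in the loop might too). If callers rely on the return value to know the PCR was extended, consider `if (failed > 0 || measured == 0) return STB_MEASURE_FAILED;`. Separately, the summary is logged at PR_NOTICE even when `failed > 0`; `prlog(failed ? PR_ERR : PR_NOTICE, ...)` would keep a trusted-boot measurement failure visible at error level.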
-- 
1.9.1


