[Skiboot] [PATCH v2 2/3] tpm_extendl: log the calling results
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Wed Nov 2 09:40:26 AEDT 2016
Currently, the tpm_extendl() results are logged by the caller, but
tpm_extendl() walks through all the tpm_chip registered and consequently
multiple tpm_chips can fail.
This turns the logging over to tpm_extendl(), which now logs how many
tpm_chips successfully measured and failed to measure a given data.
Another option would be to provide the caller the number of tpm_chips
that failed and successfully measured the data, but the caller will use
this information only for logging.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
libstb/stb.c | 28 ++++++++++++----------------
libstb/tpm_chip.c | 8 +++++++-
2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/libstb/stb.c b/libstb/stb.c
index be68a50..4a9aa88 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -163,7 +163,11 @@ void stb_init(void)
int stb_final(void)
{
uint32_t pcr;
- int rc = 0;
+ int rc;
+ bool failed;
+
+ rc = 0;
+ failed = false;
if (trusted_mode) {
#ifdef STB_DEBUG
@@ -186,9 +190,7 @@ int stb_final(void)
TPM_ALG_SHA1_SIZE, EV_SEPARATOR,
"Skiboot Boot");
if (rc)
- return rc;
- prlog(PR_NOTICE, "STB: 0xFFFFFFFF measured "
- "to pcr%d\n", pcr);
+ failed = true;
}
tpm_add_status_property();
}
@@ -199,16 +201,15 @@ int stb_final(void)
tpm_cleanup();
secure_mode = false;
trusted_mode = false;
- return rc;
+ return (failed) ? STB_MEASURE_FAILED : 0;
}
int tb_measure(enum resource_id id, void *buf, size_t len)
{
- int rc, r;
+ int r;
uint8_t digest[SHA512_DIGEST_LENGTH];
const uint8_t *digestp;
- rc = 0;
digestp = NULL;
if (!trusted_mode) {
prlog(PR_NOTICE, "STB: %s skipped resource %d, "
@@ -284,15 +285,10 @@ int tb_measure(enum resource_id id, void *buf, size_t len)
* algorithm, the sha512 hash is truncated to match the size required
* by each PCR bank.
*/
- rc = tpm_extendl(resource_map[r].pcr,
- TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
- TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE,
- EV_ACTION, resource_map[r].name);
- if (rc)
- return rc;
- prlog(PR_NOTICE, "STB: %s measured to pcr%d\n", resource_map[r].name,
- resource_map[r].pcr);
- return 0;
+ return tpm_extendl(resource_map[r].pcr,
+ TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,
+ TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE,
+ EV_ACTION, resource_map[r].name);
}
int sb_verify(enum resource_id id, void *buf, size_t len)
diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c
index d4075bd..65ab290 100644
--- a/libstb/tpm_chip.c
+++ b/libstb/tpm_chip.c
@@ -227,10 +227,11 @@ int tpm_extendl(TPM_Pcr pcr,
TPM_Alg_Id alg2, uint8_t* digest2, size_t size2,
uint32_t event_type, const char* event_msg)
{
- int rc, failed;
+ int rc, measured, failed;
TCG_PCR_EVENT2 event;
struct tpm_chip *tpm = NULL;
+ measured = 0;
failed = 0;
list_for_each(&tpm_list, tpm, link) {
@@ -298,7 +299,12 @@ int tpm_extendl(TPM_Pcr pcr,
tpm_print_pcr(tpm, pcr, alg2, size2);
}
#endif
+ measured++;
}
+
+ prlog(PR_NOTICE, "TPM: %s (pcr%d) measured on %d tpms and "
+ "failed on %d tpms\n", event_msg, pcr, measured, failed);
+
if (failed > 0)
return STB_MEASURE_FAILED;
return 0;
--
1.9.1
More information about the Skiboot
mailing list