git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.vnet.ibm.com>
	Mon, 30 Jan 2017 09:59:41 +0000 (04:59 -0500)
committer	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
	Fri, 3 Feb 2017 20:03:14 +0000 (22:03 +0200)
commit	10baeb95de9352ff74c171290b382668cfc5f7c3
tree	805ea1b006b4394854ae70db7bd409bb2c9611d8	tree \| snapshot
parent	417c94a82077d943637a8c3c639a3b31d7e7b75b	commit \| diff

tpm: enhance TPM 2.0 PCR extend to support multiple banks

The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest. To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

This patch reuses the defined digest sizes from the crypto subsystem,
adding a dependency on CRYPTO_HASH_INFO module.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Kenneth Goldman <kgold@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

drivers/char/tpm/Kconfig		diff \| blob \| history
drivers/char/tpm/tpm-interface.c		diff \| blob \| history
drivers/char/tpm/tpm.h		diff \| blob \| history
drivers/char/tpm/tpm2-cmd.c		diff \| blob \| history