git.baikalelectronics.ru Git - kernel.git/commit

author	Fabian Vogt <fvogt@suse.de>
	Mon, 15 Jun 2020 07:16:36 +0000 (09:16 +0200)
committer	Ard Biesheuvel <ardb@kernel.org>
	Mon, 15 Jun 2020 12:37:02 +0000 (14:37 +0200)
commit	4921b6b728fcf66f6648cfb2cbaefb63dde1b787
tree	cd1ffeecd721ea89aa7f9665e6588b96b97dce65	tree \| snapshot
parent	9c48eef5c547fb47ff280b2ce2ec7a46654f8eb5	commit \| diff

efi/tpm: Verify event log header before parsing

It is possible that the first event in the event log is not actually a
log header at all, but rather a normal event. This leads to the cast in
__calc_tpm2_event_size being an invalid conversion, which means that
the values read are effectively garbage. Depending on the first event's
contents, this leads either to apparently normal behaviour, a crash or
a freeze.

While this behaviour of the firmware is not in accordance with the
TCG Client EFI Specification, this happens on a Dell Precision 5510
with the TPM enabled but hidden from the OS ("TPM On" disabled, state
otherwise untouched). The EFI firmware claims that the TPM is present
and active and that it supports the TCG 2.0 event log format.

Fortunately, this can be worked around by simply checking the header
of the first event and the event log header signature itself.

Commit 11bdb8d3ba97 ("tpm: check event log version before reading final
events") addressed a similar issue also found on Dell models.

Fixes: b76c2a7dfcb3 ("efi: Attempt to get the TCG2 event log in the boot stub")
Signed-off-by: Fabian Vogt <fvogt@suse.de>
Link: https://lore.kernel.org/r/1927248.evlx2EsYKh@linux-e202.suse.de
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1165773
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>