On Mon, 23 Dec 2024 at 16:48, Raymond Mao <[email protected]> wrote: > > Add a bool var into hash_algo_list to indicate whether the algorithm > is supported or not and move the IS_ENABLED to only cover this var. > So that we can have the name, hash, mask and size no matter the > digest kconfigs are enabled or not. > > In before, tpm2_algorithm_to_len() and tcg2_algorithm_to_mask() are used to > identify an unsupported algorithm when they return 0. > It is not the case now when hash_algo_list always provides algorithm size > and mask, thus a new API is introduced to check if an algorithm is > supported by U-Boot. > > Suggested-by: Ilias Apalodimas <[email protected]> > Signed-off-by: Ilias Apalodimas <[email protected]> > Signed-off-by: Raymond Mao <[email protected]> > --- > include/tpm-v2.h | 37 +++++++++++++++++++++++++++++-------- > lib/tpm-v2.c | 14 +++++++++++++- > lib/tpm_tcg2.c | 17 +++++++++-------- > 3 files changed, 51 insertions(+), 17 deletions(-) > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > index 87b2c614ad..c49eadda26 100644 > --- a/include/tpm-v2.h > +++ b/include/tpm-v2.h > @@ -268,6 +268,7 @@ struct digest_info { > u16 hash_alg; > u32 hash_mask; > u16 hash_len; > + bool supported; > }; > > /* Algorithm Registry */ > @@ -278,38 +279,50 @@ struct digest_info { > #define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 > > static const struct digest_info hash_algo_list[] = { > -#if IS_ENABLED(CONFIG_SHA1) > { > "sha1", > TPM2_ALG_SHA1, > TCG2_BOOT_HASH_ALG_SHA1, > TPM2_SHA1_DIGEST_SIZE, > - }, > +#if IS_ENABLED(CONFIG_SHA1) > + true, > +#else > + false, > #endif > -#if IS_ENABLED(CONFIG_SHA256) > + }, > { > "sha256", > TPM2_ALG_SHA256, > TCG2_BOOT_HASH_ALG_SHA256, > TPM2_SHA256_DIGEST_SIZE, > - }, > +#if IS_ENABLED(CONFIG_SHA256) > + true, > +#else > + false, > #endif > -#if IS_ENABLED(CONFIG_SHA384) > + }, > { > "sha384", > TPM2_ALG_SHA384, > TCG2_BOOT_HASH_ALG_SHA384, > TPM2_SHA384_DIGEST_SIZE, > - }, > +#if IS_ENABLED(CONFIG_SHA384) > + true, > +#else > + false, > #endif > -#if IS_ENABLED(CONFIG_SHA512) > + }, > { > "sha512", > TPM2_ALG_SHA512, > TCG2_BOOT_HASH_ALG_SHA512, > TPM2_SHA512_DIGEST_SIZE, > - }, > +#if IS_ENABLED(CONFIG_SHA512) > + true, > +#else > + false, > #endif > + }, > }; > > /* NV index attributes */ > @@ -704,6 +717,14 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char > *name); > */ > const char *tpm2_algorithm_name(enum tpm2_algorithms); > > +/** > + * tpm2_algorithm_supported() - Check if the algorithm supported by U-Boot > + * > + * @algorithm_id: algorithm defined in enum tpm2_algorithms > + * Return: true if supported, otherwise false > + */ > +bool tpm2_algorithm_supported(enum tpm2_algorithms algo); > + > /** > * tpm2_algorithm_to_len() - Return an algorithm length for supported > algorithm id > * > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > index 0edb0aa90c..96c164f2a5 100644 > --- a/lib/tpm-v2.c > +++ b/lib/tpm-v2.c > @@ -884,6 +884,18 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms > algo) > return ""; > } > > +bool tpm2_algorithm_supported(enum tpm2_algorithms algo) > +{ > + size_t i; > + > + for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) { > + if (hash_algo_list[i].hash_alg == algo) > + return hash_algo_list[i].supported; > + } > + > + return false; > +} > + > u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo) > { > size_t i; > @@ -908,7 +920,7 @@ bool tpm2_check_active_banks(struct udevice *dev) > > for (i = 0; i < pcrs.count; i++) { > if (tpm2_is_active_bank(&pcrs.selection[i]) && > - !tpm2_algorithm_to_len(pcrs.selection[i].hash)) > + !tpm2_algorithm_supported(pcrs.selection[i].hash)) > return false; > } > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c > index 16f41cbfd1..4682f7664f 100644 > --- a/lib/tpm_tcg2.c > +++ b/lib/tpm_tcg2.c > @@ -37,16 +37,17 @@ int tcg2_get_pcr_info(struct udevice *dev, u32 > *supported_bank, u32 *active_bank > return ret; > > for (i = 0; i < pcrs.count; i++) { > - u32 hash_mask = > tcg2_algorithm_to_mask(pcrs.selection[i].hash); > + struct tpms_pcr_selection *sel = &pcrs.selection[i]; > + u32 hash_mask = tcg2_algorithm_to_mask(sel->hash); > > - if (hash_mask) { > + if (tpm2_algorithm_supported(sel->hash)) > *supported_bank |= hash_mask; > - if (tpm2_is_active_bank(&pcrs.selection[i])) > - *active_bank |= hash_mask; > - } else { > - printf("%s: unknown algorithm %x\n", __func__, > - pcrs.selection[i].hash); > - } > + else > + log_warning("%s: unknown algorithm %x\n", __func__, > + sel->hash); > + > + if (tpm2_is_active_bank(sel)) > + *active_bank |= hash_mask; > } > > *bank_num = pcrs.count; > -- > 2.25.1 >
Reviewed-by: Ilias Apalodimas <[email protected]>
