
On Mon, 23 Dec 2024 at 16:48, Raymond Mao raymond.mao@linaro.org wrote:
Add a bool var into hash_algo_list to indicate whether the algorithm is supported or not, and move the IS_ENABLED to cover only this var, so that we can have the name, hash, mask and size regardless of whether the digest kconfigs are enabled.
Previously, tpm2_algorithm_to_len() and tcg2_algorithm_to_mask() were used to identify an unsupported algorithm when they returned 0. This is no longer the case now that hash_algo_list always provides the algorithm size and mask, thus a new API is introduced to check if an algorithm is supported by U-Boot.
Suggested-by: Ilias Apalodimas ilias.apalodimas@linaro.org Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org Signed-off-by: Raymond Mao raymond.mao@linaro.org
include/tpm-v2.h | 37 +++++++++++++++++++++++++++++-------- lib/tpm-v2.c | 14 +++++++++++++- lib/tpm_tcg2.c | 17 +++++++++-------- 3 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 87b2c614ad..c49eadda26 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -268,6 +268,7 @@ struct digest_info {
u16 hash_alg;
u32 hash_mask;
u16 hash_len;
bool supported;
};
/* Algorithm Registry */
@@ -278,38 +279,50 @@ struct digest_info {
#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
static const struct digest_info hash_algo_list[] = {
-#if IS_ENABLED(CONFIG_SHA1)
{
"sha1",
TPM2_ALG_SHA1,
TCG2_BOOT_HASH_ALG_SHA1,
TPM2_SHA1_DIGEST_SIZE,
},
+#if IS_ENABLED(CONFIG_SHA1)
true,
+#else
false,
#endif
-#if IS_ENABLED(CONFIG_SHA256)
},
{
"sha256",
TPM2_ALG_SHA256,
TCG2_BOOT_HASH_ALG_SHA256,
TPM2_SHA256_DIGEST_SIZE,
},
+#if IS_ENABLED(CONFIG_SHA256)
true,
+#else
false,
#endif
-#if IS_ENABLED(CONFIG_SHA384)
},
{
"sha384",
TPM2_ALG_SHA384,
TCG2_BOOT_HASH_ALG_SHA384,
TPM2_SHA384_DIGEST_SIZE,
},
+#if IS_ENABLED(CONFIG_SHA384)
true,
+#else
false,
#endif
-#if IS_ENABLED(CONFIG_SHA512)
},
{
"sha512",
TPM2_ALG_SHA512,
TCG2_BOOT_HASH_ALG_SHA512,
TPM2_SHA512_DIGEST_SIZE,
},
+#if IS_ENABLED(CONFIG_SHA512)
true,
+#else
false,
#endif
},
};
/* NV index attributes */
@@ -704,6 +717,14 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char *name);
*/
const char *tpm2_algorithm_name(enum tpm2_algorithms);
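Review bot: The five-line `#if IS_ENABLED(CONFIG_SHA1)` / `true,` / `#else` / `false,` / `#endif` block in each hash_algo_list entry can be a single initializer, because IS_ENABLED() already evaluates to 1 or 0: `IS_ENABLED(CONFIG_SHA1),`. The same applies to the sha256, sha384 and sha512 entries. The table is initialized positionally and struct digest_info has just gained another member, so designated initializers such as `.supported = IS_ENABLED(CONFIG_SHA1),` would also keep a future field insertion from silently shifting a value into the wrong member.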
+/**
- tpm2_algorithm_supported() - Check if the algorithm supported by U-Boot
- @algorithm_id: algorithm defined in enum tpm2_algorithms
- Return: true if supported, otherwise false
- */
+bool tpm2_algorithm_supported(enum tpm2_algorithms algo);
/**
- tpm2_algorithm_to_len() - Return an algorithm length for supported algorithm id
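Review bot: The kernel-doc added for tpm2_algorithm_supported() documents `@algorithm_id`, but the prototype names the parameter `algo`; the tag should read `@algo: algorithm defined in enum tpm2_algorithms` so the documentation matches the declaration. The summary line is also missing its verb and would read better as `tpm2_algorithm_supported() - Check if the algorithm is supported by U-Boot`. It would help callers to state in the Return line that an id not present in hash_algo_list also yields false, which is what the lookup added in lib/tpm-v2.c does.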
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 0edb0aa90c..96c164f2a5 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -884,6 +884,18 @@ const char *tpm2_algorithm_name(enum tpm2_algorithms algo)
return "";
}
+bool tpm2_algorithm_supported(enum tpm2_algorithms algo)
+{
size_t i;
for (i = 0; i < ARRAY_SIZE(hash_algo_list); ++i) {
if (hash_algo_list[i].hash_alg == algo)
return hash_algo_list[i].supported;
}
return false;
+}
u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo)
{
size_t i;
@@ -908,7 +920,7 @@ bool tpm2_check_active_banks(struct udevice *dev)
for (i = 0; i < pcrs.count; i++) {
if (tpm2_is_active_bank(&pcrs.selection[i]) &&
!tpm2_algorithm_to_len(pcrs.selection[i].hash))
!tpm2_algorithm_supported(pcrs.selection[i].hash))
return false;
}
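Review bot: The condition in tpm2_check_active_banks() now rejects a TPM on the `supported` flag rather than on a zero length, but nothing at this site records why an active bank that U-Boot cannot hash is fatal. A short comment above the `if`, for example `/* an active bank we cannot hash would never be extended */`, would capture the intent; that rationale is inferred from the check and should be confirmed by the author. The function also returns false without naming the offending algorithm, so logging `pcrs.selection[i].hash` before `return false;` would make a mismatched TPM configuration easier to diagnose. The body of tpm2_check_active_banks() starts before this hunk.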
diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index 16f41cbfd1..4682f7664f 100644
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -37,16 +37,17 @@ int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank
return ret;
for (i = 0; i < pcrs.count; i++) {
u32 hash_mask = tcg2_algorithm_to_mask(pcrs.selection[i].hash);
struct tpms_pcr_selection *sel = &pcrs.selection[i];
u32 hash_mask = tcg2_algorithm_to_mask(sel->hash);
if (hash_mask) {
if (tpm2_algorithm_supported(sel->hash))
*supported_bank |= hash_mask;
if (tpm2_is_active_bank(&pcrs.selection[i]))
*active_bank |= hash_mask;
} else {
printf("%s: unknown algorithm %x\n", __func__,
pcrs.selection[i].hash);
}
else
log_warning("%s: unknown algorithm %x\n", __func__,
sel->hash);
if (tpm2_is_active_bank(sel))
*active_bank |= hash_mask;
}
*bank_num = pcrs.count;
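Review bot: The `else` branch after `if (tpm2_algorithm_supported(sel->hash))` still logs "unknown algorithm", but it now also fires for algorithms that are listed in hash_algo_list and merely compiled out; `log_warning("%s: unsupported algorithm %x\n", __func__, sel->hash);` would describe both cases. In addition, `*active_bank |= hash_mask;` is no longer nested under the mask check, so with the table always providing a mask, active_bank can now carry bits that are absent from supported_bank. The callers are outside this hunk; it is worth confirming that each of them compares the two masks (or calls tpm2_check_active_banks()) before measuring, and stating that relationship in the kernel-doc of tcg2_get_pcr_info().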
-- 2.25.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org