• Roberto Sassu's avatar
    tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() · 0b6cf6b9
    Roberto Sassu authored
    Currently, tpm_pcr_extend() accepts as an input only a SHA1 digest.
    
    This patch replaces the hash parameter of tpm_pcr_extend() with an array of
    tpm_digest structures, so that the caller can provide a digest for each PCR
    bank currently allocated in the TPM.
    
    tpm_pcr_extend() will not extend banks for which no digest was provided,
    as it happened before this patch, but instead it requires that callers
    provide the full set of digests. Since the number of digests will always be
    chip->nr_allocated_banks, the count parameter has been removed.
    
    Due to the API change, ima_pcr_extend() and pcrlock() have been modified.
    Since the number of allocated banks is not known in advance, the memory for
    the digests must be dynamically allocated. To avoid performance degradation
    and to avoid that a PCR extend is not done due to lack of memory, the array
    of tpm_digest structures is allocated by the users of the TPM driver at
    initialization time.
    Signed-off-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
    Reviewed-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
    Tested-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
    Tested-by: Mimi Zohar <zohar@linux.ibm.com> (on x86 for TPM 1.2 & PTT TPM 2.0)
    Signed-off-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
    0b6cf6b9
tpm2-cmd.c 25.1 KB