author | Dan Streetman <ddstreet@ieee.org> | 2023-02-27 06:44:13 -0500 |
---|---|---|
committer | Dan Streetman <ddstreet@ieee.org> | 2023-03-09 10:46:19 -0500 |
commit | aa07a4fa353d758562c4bec8c7d3b1d44b55e573 (patch) | |
tree | 04f2ed23cfbd39296730ef6039985648f1ba8613 /src/shared/tpm2-util.h | |
parent | 23b972d571650014ab5f22610da80a62f53f2245 (diff) | |
download | systemd-aa07a4fa353d758562c4bec8c7d3b1d44b55e573.tar.gz |
tpm2: add TPM2_PCR_VALID()
Diffstat (limited to 'src/shared/tpm2-util.h')
-rw-r--r-- | src/shared/tpm2-util.h | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index d26a945a90..07a8a89800 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -11,6 +11,18 @@ typedef enum TPM2Flags {
 TPM2_FLAGS_USE_PIN = 1 << 0,
 } TPM2Flags;
+
+/* As per https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf a
+ * TPM2 on a Client PC must have at least 24 PCRs. This hardcodes our expectation of 24. */
+#define TPM2_PCRS_MAX 24U
+#define TPM2_PCRS_MASK ((UINT32_C(1) << TPM2_PCRS_MAX) - 1)
+static inline bool TPM2_PCR_VALID(unsigned pcr) {
+ return pcr < TPM2_PCRS_MAX;
+}
+static inline bool TPM2_PCR_MASK_VALID(uint32_t pcr_mask) {
+ return pcr_mask <= TPM2_PCRS_MASK;
+}
+
 #if HAVE_TPM2
 #include <tss2/tss2_esys.h>
@@ -108,12 +120,6 @@ int tpm2_parse_pcr_json_array(JsonVariant *v, uint32_t *ret);
 int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const void *pubkey, size_t pubkey_size, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const void *blob, size_t blob_size, const void *policy_hash, size_t policy_hash_size, const void *salt, size_t salt_size, TPM2Flags flags, JsonVariant **ret);
 int tpm2_parse_luks2_json(JsonVariant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, void **ret_pubkey, size_t *ret_pubkey_size, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, void **ret_blob, size_t *ret_blob_size, void **ret_policy_hash, size_t *ret_policy_hash_size, void **ret_salt, size_t *ret_salt_size, TPM2Flags *ret_flags);
-#define TPM2_PCRS_MAX 24U
-
-static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) {
- return pcr_mask < (UINT64_C(1) << TPM2_PCRS_MAX); /* Support 24 PCR banks */
-}
-
 /* Default to PCR 7 only */
 #define TPM2_PCR_MASK_DEFAULT (UINT32_C(1) << 7) |
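Review bot: `TPM2_PCR_MASK_VALID()` in the first hunk now takes `uint32_t` where the removed version took `uint64_t`, so a caller passing a wider value (for example a mask parsed into a 64-bit integer) has it truncated before the comparison, and a value with bits set above bit 31 can pass the check. The callers are outside this hunk, so whether any of them does this cannot be confirmed here. Keeping the wide parameter avoids the question: `static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) {` with the same `return pcr_mask <= TPM2_PCRS_MASK;` body. `TPM2_PCRS_MASK` also depends on `TPM2_PCRS_MAX` staying below 32, because shifting `UINT32_C(1)` by 32 is undefined; an `assert_cc(TPM2_PCRS_MAX < 32);` next to the define would pin that assumption.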