diff options
author | Simon Glass <sjg@chromium.org> | 2021-07-18 14:18:05 -0600 |
---|---|---|
committer | Simon Glass <sjg@chromium.org> | 2021-08-01 09:05:24 -0600 |
commit | 9f0b53564f035743a2ce60636cadd17c97937dee (patch) | |
tree | d1df2ae2383a02c0f3313bdd4bc43b1e612708df | |
parent | a986216e348153705e0a019afc95da65baa1fff0 (diff) | |
download | u-boot-9f0b53564f035743a2ce60636cadd17c97937dee.tar.gz |
sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB
This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.
Fix these problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
-rw-r--r-- | drivers/tpm/tpm2_tis_sandbox.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c index ed9c9a0bc9..3c4bbcdf2e 100644 --- a/drivers/tpm/tpm2_tis_sandbox.c +++ b/drivers/tpm/tpm2_tis_sandbox.c @@ -642,15 +642,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, for (i = 0; i < pcr_array_sz; i++) pcr_map += (u64)sent[i] << (i * 8); - if (pcr_map >> SANDBOX_TPM_PCR_NB) { - printf("Sandbox TPM handles up to %d PCR(s)\n", - SANDBOX_TPM_PCR_NB); - rc = TPM2_RC_VALUE; - return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); - } - if (!pcr_map) { - printf("Empty PCR map.\n"); + printf("Empty PCR map\n"); rc = TPM2_RC_VALUE; return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); } @@ -659,6 +652,13 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, if (pcr_map & BIT(i)) pcr_index = i; + if (pcr_index >= SANDBOX_TPM_PCR_NB) { + printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n", + pcr_index, SANDBOX_TPM_PCR_NB); + rc = TPM2_RC_VALUE; + return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc); + } + /* Write tag */ put_unaligned_be16(tag, recv); recv += sizeof(tag); @@ -692,9 +692,9 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf, pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) + sizeof(length) + sizeof(command)); - if (pcr_index > SANDBOX_TPM_PCR_NB) { - printf("Sandbox TPM handles up to %d PCR(s)\n", - SANDBOX_TPM_PCR_NB); + if (pcr_index >= SANDBOX_TPM_PCR_NB) { + printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n", + pcr_index, SANDBOX_TPM_PCR_NB); rc = TPM2_RC_VALUE; } |