diff mbox series

[v2,5/6] tpm: PCR allocate during PCR extend to disable the unsupported algorithms

Message ID 20250117164032.88942-6-raymond.mao@linaro.org
State Superseded
Delegated to: Ilias Apalodimas
Headers show
Series Reconfigure TPM when active hash algorithms dismatch | expand

Commit Message

Raymond Mao Jan. 17, 2025, 4:40 p.m. UTC
During PCR extend process, if any unsupported algorithms are active,
try to use PCR allocate to inactivate them.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
---
changes in v2
- None.

 lib/tpm-v2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Ilias Apalodimas Jan. 23, 2025, 6:19 a.m. UTC | #1
On Fri, 17 Jan 2025 at 18:41, Raymond Mao <raymond.mao@linaro.org> wrote:
>
> During PCR extend process, if any unsupported algorithms are active,
> try to use PCR allocate to inactivate them.
>
> Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> ---
> changes in v2
> - None.
>
>  lib/tpm-v2.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 0e497b2c2a..4995ddc9af 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -344,7 +344,10 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
>
>         if (!tpm2_check_active_banks(dev)) {
>                 log_err("Cannot extend PCRs if all the TPM enabled algorithms are not supported\n");
> -               return -EINVAL;
> +
> +               ret = tpm2_pcr_allocate(dev, 0);
> +               if (ret)
> +                       return -EINVAL;
>         }
>         /*
>          * Fill the command structure starting from the first buffer:
> --
> 2.25.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff mbox series

Patch

diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 0e497b2c2a..4995ddc9af 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -344,7 +344,10 @@  u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
 
 	if (!tpm2_check_active_banks(dev)) {
 		log_err("Cannot extend PCRs if all the TPM enabled algorithms are not supported\n");
-		return -EINVAL;
+
+		ret = tpm2_pcr_allocate(dev, 0);
+		if (ret)
+			return -EINVAL;
 	}
 	/*
 	 * Fill the command structure starting from the first buffer: