| From 7d761119a914ec0ac05ec2a5378d1f86e680967d Mon Sep 17 00:00:00 2001 |
| From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> |
| Date: Wed, 25 Jan 2017 23:00:22 +0200 |
| Subject: [PATCH] tpm: fix RC value check in tpm2_seal_trusted |
| |
| commit 7d761119a914ec0ac05ec2a5378d1f86e680967d upstream. |
| |
| The error code handling is broken as any error code that has the same |
| bits set as TPM_RC_HASH passes. Implemented tpm2_rc_value() helper to |
| parse the error value from FMT0 and FMT1 error codes so that these types |
| of mistakes are prevented in the future. |
| |
| Fixes: 5ca4c20cfd37 ("keys, trusted: select hash algorithm for TPM2 chips") |
| Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> |
| Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> |
| |
| diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h |
| index 244fcffdab6b..dbe0c5a72c67 100644 |
| --- a/drivers/char/tpm/tpm.h |
| +++ b/drivers/char/tpm/tpm.h |
| @@ -519,6 +519,11 @@ static inline void tpm_add_ppi(struct tpm_chip *chip) |
| } |
| #endif |
| |
| +static inline inline u32 tpm2_rc_value(u32 rc) |
| +{ |
| + return (rc & BIT(7)) ? rc & 0xff : rc; |
| +} |
| + |
| int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); |
| int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash); |
| int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max); |
| diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c |
| index a0199f18f7fb..42fe3dde0d8c 100644 |
| --- a/drivers/char/tpm/tpm2-cmd.c |
| +++ b/drivers/char/tpm/tpm2-cmd.c |
| @@ -546,7 +546,7 @@ out: |
| tpm_buf_destroy(&buf); |
| |
| if (rc > 0) { |
| - if ((rc & TPM2_RC_HASH) == TPM2_RC_HASH) |
| + if (tpm2_rc_value(rc) == TPM2_RC_HASH) |
| rc = -EINVAL; |
| else |
| rc = -EPERM; |
| -- |
| 2.12.0 |
| |