Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functio

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functio

From:	Gary Lin
Subject:	Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions
Date:	Tue, 5 Nov 2024 16:33:25 +0800

On Tue, Nov 05, 2024 at 10:58:47AM +0800, Gary Lin wrote:
> On Mon, Nov 04, 2024 at 01:20:45PM -0500, Stefan Berger wrote:
> > 
> > 
> > On 11/4/24 2:31 AM, Gary Lin via Grub-devel wrote:
> > > This commit adds the necessary TPM2 types and structs as the preparation
> > > for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
> > > functions are also added to handle the data structure to be submitted to
> > > TPM2 commands and to be received from the response.
> > > 
> > > Cc: Stefan Berger <stefanb@linux.ibm.com>
> > > Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> > > Signed-off-by: Gary Lin <glin@suse.com>
> > > Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> > > ---
> > >   grub-core/lib/tss2/tss2_mu.c      | 1174 +++++++++++++++++++++++++++++
> > >   grub-core/lib/tss2/tss2_mu.h      |  397 ++++++++++
> > >   grub-core/lib/tss2/tss2_structs.h |  796 +++++++++++++++++++
> > >   grub-core/lib/tss2/tss2_types.h   |  404 ++++++++++
> > >   4 files changed, 2771 insertions(+)
> > >   create mode 100644 grub-core/lib/tss2/tss2_mu.c
> > >   create mode 100644 grub-core/lib/tss2/tss2_mu.h
> > >   create mode 100644 grub-core/lib/tss2/tss2_structs.h
> > >   create mode 100644 grub-core/lib/tss2/tss2_types.h
> > > 
> > 
> > > +
> > > +/* Buffer Size Constants */
> > > +#define TPM_MAX_PCRS                      32
> > 
> > This should be 24 and it seems that it can be changed easily.
> > 
> It is from tpm2-tss:
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_tpm2_types.h#L25
> 
> I'm still trying to find out where the number is from.
> 
tpm2-tss set the value without a clear explanation:
https://github.com/tpm2-software/tpm2-tss/commit/35750de13af0b2aa4e82e24308a99c7e0f06c961#diff-2540f5a71a43e69031c4dcb091bc9356f54d0936a5f31bdc8b8d4d07612c419eR50

There were IMPLEMENTATION_PCR(24) and PLATFORM_PCR(24) to indicate the number
of PCRs. Those two constants were removed and then MAX_PCRS was set as 32 in
the commit.

On the other hand, the TPM 2.0 library spec only mentions that the platform
specific spec can define the minimum number of PCR, and "32" is only used as
an example for TPMS_PCR_SELECTION.

  EXAMPLE 3

  If the applicable platform-specific specification requires that the TPM
  have a minimum of 24 PCR but the TPM implements 32, then a PCR select of 3
  octets would imply that PCR 24-31 are not selected.

In "4.6 PCR Requirement" of "TCG PC Client Platform TPM Profile Specification
for TPM 2.0", it defines the minimum number of PCRs is 24.

  A conformant TPM SHALL allow an allocation of a minimum of 24 PCRs,
  0-23, within all allocated bank.

It seems to me that there is no static maximum number of PCRs is defined.

Anyway, I'll change TPM_MAX_PCRS to 24. For bootloaders, only the PCRs
for SRTM, i.e. 0~15, really matter, so supporting 24 PCRs is enough.

Gary Lin

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v21 11/33] asn1_test: return either 0 or 1 to reflect the results, (continued)
- [PATCH v21 11/33] asn1_test: return either 0 or 1 to reflect the results, Gary Lin, 2024/11/04
- [PATCH v21 10/33] asn1_test: rename the main functions to the test names, Gary Lin, 2024/11/04
- [PATCH v21 12/33] asn1_test: remove 'verbose' and the unnecessary printf(), Gary Lin, 2024/11/04
- [PATCH v21 17/33] asn1_test: test module for libtasn1, Gary Lin, 2024/11/04
- [PATCH v21 20/33] tss2: Add TPM2 buffer handling functions, Gary Lin, 2024/11/04
- [PATCH v21 18/33] libtasn1: Add the documentation, Gary Lin, 2024/11/04
- [PATCH v21 19/33] key_protector: Add key protectors framework, Gary Lin, 2024/11/04
- [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions, Gary Lin, 2024/11/04
  - Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions, Stefan Berger, 2024/11/04
    - Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions, Gary Lin, 2024/11/04
    - Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions, Gary Lin <=
- [PATCH v21 22/33] tss2: Add TPM2 Software Stack (TSS2) support, Gary Lin, 2024/11/04
  - Re: [PATCH v21 22/33] tss2: Add TPM2 Software Stack (TSS2) support, Stefan Berger, 2024/11/04
- [PATCH v21 23/33] key_protector: Add TPM2 Key Protector, Gary Lin, 2024/11/04
  - Re: [PATCH v21 23/33] key_protector: Add TPM2 Key Protector, Stefan Berger, 2024/11/04
    - Re: [PATCH v21 23/33] key_protector: Add TPM2 Key Protector, Gary Lin, 2024/11/05
- [PATCH v21 24/33] cryptodisk: Support key protectors, Gary Lin, 2024/11/04
- [PATCH v21 25/33] util/grub-protect: Add new tool, Gary Lin, 2024/11/04
  - Re: [PATCH v21 25/33] util/grub-protect: Add new tool, Stefan Berger, 2024/11/04
    - Re: [PATCH v21 25/33] util/grub-protect: Add new tool, Gary Lin, 2024/11/05
  - Re: [PATCH v21 25/33] util/grub-protect: Add new tool, Daniel Kiper, 2024/11/05

Prev by Date: Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions
Next by Date: Re: [PATCH v21 23/33] key_protector: Add TPM2 Key Protector
Previous by thread: Re: [PATCH v21 21/33] tss2: Add TPM2 types and Marshal/Unmarshal functions
Next by thread: [PATCH v21 22/33] tss2: Add TPM2 Software Stack (TSS2) support
Index(es):
- Date
- Thread