On 11/18/2018 8:32 AM, Jarkko Sakkinen wrote:
On Fri, Nov 16, 2018 at 05:06:48PM +0100, Roberto Sassu wrote:
On 11/16/2018 2:41 PM, Jarkko Sakkinen wrote:
On Wed, Nov 14, 2018 at 04:31:07PM +0100, Roberto Sassu wrote:
This patch protects against data corruption that could happen in the bus, by checking that that the digest size returned by the TPM during a PCR read matches the size of the algorithm passed to tpm2_pcr_read().
This check is performed after information about the PCR banks has been retrieved.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Reviewed-by: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com Cc: stable@vger.kernel.org
Missing fixes tag.
Before this patch set, tpm2_pcr_extend() always copied 20 bytes from the output sent by the TPM.
Roberto
Aah, right, of course. Well the patch set is ATM somewhat broken because this would require a fixes tag that points to a patch insdie the patch set.
Probably good way to fix the issue is to just merge this with the earlier commit.
Unfortunately, it is not possible. The exact digest size has been introduced with patch 5/7.
Roberto
/Jarkko