efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check

TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-03 10:55:52 +09:00 · 2021-09-03 10:55:52 +09:00 · 538c0f2d37
commit 538c0f2d37
parent db3ed2cf9c
2 changed files with 3 additions and 1 deletions
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@ -28,6 +28,8 @@
 #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
 #define PE_COFF_IMAGE 0x0000000000000010

+#define EFI_TCG2_MAX_PCR_INDEX 23
+
 /* Algorithm Registry */
 #define EFI_TCG2_BOOT_HASH_ALG_SHA1    0x00000001
 #define EFI_TCG2_BOOT_HASH_ALG_SHA256  0x00000002
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@ -958,7 +958,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
 		goto out;
 	}

-	if (efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) {
+	if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
 		ret = EFI_INVALID_PARAMETER;
 		goto out;
 	}