diff options
| author | Ilya Smirnov <ismirno@us.ibm.com> | 2019-03-22 15:15:23 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-03-26 17:02:22 -0500 |
| commit | c7534ed92a2d422c68475f306feb35fac943b9c3 (patch) | |
| tree | e5acb9ed7ad033e7c9c2961390588cc9e3d355c0 /src/usr/secureboot | |
| parent | f6ddb6dc19f8de17642b650a15b2f7a2b9a8b94d (diff) | |
| download | talos-hostboot-c7534ed92a2d422c68475f306feb35fac943b9c3.tar.gz talos-hostboot-c7534ed92a2d422c68475f306feb35fac943b9c3.zip | |
Secureboot: Enhanced Nomdecomm: Quote Fix
PCR8 was erroneously being included in the quote response from the TPM. We
don't actually want to read out PCR8 in hostboot firmware. This change
excludes PCR8 from the quote process.
Change-Id: Ib2ace53b157b64b6a5dac392b0304b31765d7afb
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/74895
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
| -rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.C | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C index 5040cadab..604757b7a 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.C +++ b/src/usr/secureboot/trusted/trustedbootCmds.C @@ -1465,7 +1465,7 @@ errlHndl_t tpmCmdGenerateQuote(TpmTarget* i_target, memset(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect, 0, sizeof(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect)); - for(size_t i = PCR_0; i <= FW_USED_PCR_COUNT; ++i) + for(size_t i = PCR_0; i < FW_USED_PCR_COUNT; ++i) { l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect[i/8] |= 0x01 << (i % 8); |
