From c7534ed92a2d422c68475f306feb35fac943b9c3 Mon Sep 17 00:00:00 2001
From: Ilya Smirnov <ismirno@us.ibm.com>
Date: Fri, 22 Mar 2019 15:15:23 -0500
Subject: Secureboot: Enhanced Nomdecomm: Quote Fix

PCR8 was erroneously being included in the quote response from the TPM. We
don't actually want to read out PCR8 in hostboot firmware. This change
excludes PCR8 from the quote process.

Change-Id: Ib2ace53b157b64b6a5dac392b0304b31765d7afb
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/74895
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 src/usr/secureboot/trusted/trustedbootCmds.C | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C
index 5040cadab..604757b7a 100644
--- a/src/usr/secureboot/trusted/trustedbootCmds.C
+++ b/src/usr/secureboot/trusted/trustedbootCmds.C
@@ -1465,7 +1465,7 @@ errlHndl_t tpmCmdGenerateQuote(TpmTarget* i_target,
     memset(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect, 0,
            sizeof(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect));
 
-    for(size_t i = PCR_0; i <= FW_USED_PCR_COUNT; ++i)
+    for(size_t i = PCR_0; i < FW_USED_PCR_COUNT; ++i)
     {
         l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect[i/8] |=
             0x01 << (i % 8);
-- 
cgit v1.2.3