You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
307 lines
17 KiB
307 lines
17 KiB
7 months ago
|
From 8e4e838d22ef7e462fa97f8d77e3d8c3904b2dba Mon Sep 17 00:00:00 2001
|
||
|
From: Dan Streetman <ddstreet@ieee.org>
|
||
|
Date: Wed, 12 Jul 2023 22:14:18 -0400
|
||
|
Subject: [PATCH] tpm2: change tpm2_calculate_policy_pcr(),
|
||
|
tpm2_calculate_sealing_policy() to use Tpm2PCRValue array
|
||
|
|
||
|
An array of Tpm2PCRValue objects effectively replaces a TPML_PCR_SELECTION
|
||
|
object combined with an array of (properly ordered) TPM2B_DIGEST objects.
|
||
|
|
||
|
Also update tpm2_calculate_sealing_policy() pin parameter to boolean use_pin,
|
||
|
since the function does not need to know the pin value, only if a pin is being
|
||
|
used.
|
||
|
|
||
|
(cherry picked from commit 6e8fb3ad5ff2dab03b9e2b189adaf463c06a8101)
|
||
|
|
||
|
Related: RHEL-16182
|
||
|
---
|
||
|
src/boot/measure.c | 15 ++++----
|
||
|
src/shared/tpm2-util.c | 51 ++++++++++++--------------
|
||
|
src/shared/tpm2-util.h | 2 +-
|
||
|
src/test/test-tpm2.c | 82 +++++++++++++++++++++++-------------------
|
||
|
4 files changed, 74 insertions(+), 76 deletions(-)
|
||
|
|
||
|
diff --git a/src/boot/measure.c b/src/boot/measure.c
|
||
|
index 5ce3049147..1d696e1bd9 100644
|
||
|
--- a/src/boot/measure.c
|
||
|
+++ b/src/boot/measure.c
|
||
|
@@ -799,23 +799,20 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
|
||
|
if (tpmalg < 0)
|
||
|
return log_error_errno(tpmalg, "Unsupported PCR bank");
|
||
|
|
||
|
- TPML_PCR_SELECTION pcr_selection;
|
||
|
- tpm2_tpml_pcr_selection_from_mask(1 << TPM_PCR_INDEX_KERNEL_IMAGE,
|
||
|
- tpmalg,
|
||
|
- &pcr_selection);
|
||
|
-
|
||
|
- TPM2B_DIGEST pcr_values = {
|
||
|
+ TPM2B_DIGEST pcr_digest = {
|
||
|
.size = p->value_size,
|
||
|
};
|
||
|
- assert(sizeof(pcr_values.buffer) >= p->value_size);
|
||
|
- memcpy_safe(pcr_values.buffer, p->value, p->value_size);
|
||
|
+ assert(sizeof(pcr_digest.buffer) >= p->value_size);
|
||
|
+ memcpy_safe(pcr_digest.buffer, p->value, p->value_size);
|
||
|
+
|
||
|
+ Tpm2PCRValue pcr_value = TPM2_PCR_VALUE_MAKE(TPM_PCR_INDEX_KERNEL_IMAGE, tpmalg, pcr_digest);
|
||
|
|
||
|
TPM2B_DIGEST pcr_policy_digest;
|
||
|
r = tpm2_digest_init(TPM2_ALG_SHA256, &pcr_policy_digest);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
|
||
|
- r = tpm2_calculate_policy_pcr(&pcr_selection, &pcr_values, 1, &pcr_policy_digest);
|
||
|
+ r = tpm2_calculate_policy_pcr(&pcr_value, 1, &pcr_policy_digest);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
|
||
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
||
|
index c3e1ca8f3a..50a01f55a6 100644
|
||
|
--- a/src/shared/tpm2-util.c
|
||
|
+++ b/src/shared/tpm2-util.c
|
||
|
@@ -3152,8 +3152,7 @@ static int tpm2_policy_auth_value(
|
||
|
|
||
|
/* Extend 'digest' with the PolicyPCR calculated hash. */
|
||
|
int tpm2_calculate_policy_pcr(
|
||
|
- const TPML_PCR_SELECTION *pcr_selection,
|
||
|
- const TPM2B_DIGEST pcr_values[],
|
||
|
+ const Tpm2PCRValue *pcr_values,
|
||
|
size_t n_pcr_values,
|
||
|
TPM2B_DIGEST *digest) {
|
||
|
|
||
|
@@ -3161,7 +3160,6 @@ int tpm2_calculate_policy_pcr(
|
||
|
TSS2_RC rc;
|
||
|
int r;
|
||
|
|
||
|
- assert(pcr_selection);
|
||
|
assert(pcr_values || n_pcr_values == 0);
|
||
|
assert(digest);
|
||
|
assert(digest->size == SHA256_DIGEST_SIZE);
|
||
|
@@ -3170,13 +3168,20 @@ int tpm2_calculate_policy_pcr(
|
||
|
if (r < 0)
|
||
|
return log_error_errno(r, "TPM2 support not installed: %m");
|
||
|
|
||
|
+ TPML_PCR_SELECTION pcr_selection;
|
||
|
+ _cleanup_free_ TPM2B_DIGEST *values = NULL;
|
||
|
+ size_t n_values;
|
||
|
+ r = tpm2_tpml_pcr_selection_from_pcr_values(pcr_values, n_pcr_values, &pcr_selection, &values, &n_values);
|
||
|
+ if (r < 0)
|
||
|
+ return log_error_errno(r, "Could not convert PCR values to TPML_PCR_SELECTION: %m");
|
||
|
+
|
||
|
TPM2B_DIGEST hash = {};
|
||
|
- r = tpm2_digest_many_digests(TPM2_ALG_SHA256, &hash, pcr_values, n_pcr_values, /* extend= */ false);
|
||
|
+ r = tpm2_digest_many_digests(TPM2_ALG_SHA256, &hash, values, n_values, /* extend= */ false);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
|
||
|
_cleanup_free_ uint8_t *buf = NULL;
|
||
|
- size_t size = 0, maxsize = sizeof(command) + sizeof(*pcr_selection);
|
||
|
+ size_t size = 0, maxsize = sizeof(command) + sizeof(pcr_selection);
|
||
|
|
||
|
buf = malloc(maxsize);
|
||
|
if (!buf)
|
||
|
@@ -3187,7 +3192,7 @@ int tpm2_calculate_policy_pcr(
|
||
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
"Failed to marshal PolicyPCR command: %s", sym_Tss2_RC_Decode(rc));
|
||
|
|
||
|
- rc = sym_Tss2_MU_TPML_PCR_SELECTION_Marshal(pcr_selection, buf, maxsize, &size);
|
||
|
+ rc = sym_Tss2_MU_TPML_PCR_SELECTION_Marshal(&pcr_selection, buf, maxsize, &size);
|
||
|
if (rc != TSS2_RC_SUCCESS)
|
||
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
"Failed to marshal PCR selection: %s", sym_Tss2_RC_Decode(rc));
|
||
|
@@ -3413,15 +3418,15 @@ static int tpm2_policy_authorize(
|
||
|
|
||
|
/* Extend 'digest' with the calculated policy hash. */
|
||
|
static int tpm2_calculate_sealing_policy(
|
||
|
- const TPML_PCR_SELECTION *hash_pcr_selection,
|
||
|
- const TPM2B_DIGEST *hash_pcr_values,
|
||
|
- size_t n_hash_pcr_values,
|
||
|
+ const Tpm2PCRValue *pcr_values,
|
||
|
+ size_t n_pcr_values,
|
||
|
const TPM2B_PUBLIC *public,
|
||
|
- const char *pin,
|
||
|
+ bool use_pin,
|
||
|
TPM2B_DIGEST *digest) {
|
||
|
|
||
|
int r;
|
||
|
|
||
|
+ assert(pcr_values || n_pcr_values == 0);
|
||
|
assert(digest);
|
||
|
|
||
|
if (public) {
|
||
|
@@ -3430,13 +3435,13 @@ static int tpm2_calculate_sealing_policy(
|
||
|
return r;
|
||
|
}
|
||
|
|
||
|
- if (hash_pcr_selection && !tpm2_tpml_pcr_selection_is_empty(hash_pcr_selection)) {
|
||
|
- r = tpm2_calculate_policy_pcr(hash_pcr_selection, hash_pcr_values, n_hash_pcr_values, digest);
|
||
|
+ if (n_pcr_values > 0) {
|
||
|
+ r = tpm2_calculate_policy_pcr(pcr_values, n_pcr_values, digest);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
}
|
||
|
|
||
|
- if (pin) {
|
||
|
+ if (use_pin) {
|
||
|
r = tpm2_calculate_policy_auth_value(digest);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
@@ -3567,28 +3572,17 @@ int tpm2_seal(const char *device,
|
||
|
return r;
|
||
|
}
|
||
|
|
||
|
- TPML_PCR_SELECTION hash_pcr_selection = {};
|
||
|
- _cleanup_free_ TPM2B_DIGEST *hash_pcr_values = NULL;
|
||
|
+ _cleanup_free_ Tpm2PCRValue *hash_pcr_values = NULL;
|
||
|
size_t n_hash_pcr_values;
|
||
|
if (hash_pcr_mask) {
|
||
|
/* For now, we just read the current values from the system; we need to be able to specify
|
||
|
* expected values, eventually. */
|
||
|
+ TPML_PCR_SELECTION hash_pcr_selection;
|
||
|
tpm2_tpml_pcr_selection_from_mask(hash_pcr_mask, pcr_bank, &hash_pcr_selection);
|
||
|
|
||
|
- _cleanup_free_ Tpm2PCRValue *pcr_values = NULL;
|
||
|
- size_t n_pcr_values;
|
||
|
- r = tpm2_pcr_read(c, &hash_pcr_selection, &pcr_values, &n_pcr_values);
|
||
|
+ r = tpm2_pcr_read(c, &hash_pcr_selection, &hash_pcr_values, &n_hash_pcr_values);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
-
|
||
|
- r = tpm2_tpml_pcr_selection_from_pcr_values(
|
||
|
- pcr_values,
|
||
|
- n_pcr_values,
|
||
|
- &hash_pcr_selection,
|
||
|
- &hash_pcr_values,
|
||
|
- &n_hash_pcr_values);
|
||
|
- if (r < 0)
|
||
|
- return log_error_errno(r, "Could not get PCR selection from values: %m");
|
||
|
}
|
||
|
|
||
|
TPM2B_PUBLIC pubkey_tpm2, *authorize_key = NULL;
|
||
|
@@ -3605,11 +3599,10 @@ int tpm2_seal(const char *device,
|
||
|
return r;
|
||
|
|
||
|
r = tpm2_calculate_sealing_policy(
|
||
|
- &hash_pcr_selection,
|
||
|
hash_pcr_values,
|
||
|
n_hash_pcr_values,
|
||
|
authorize_key,
|
||
|
- pin,
|
||
|
+ !!pin,
|
||
|
&policy_digest);
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
|
||
|
index cecf35af4d..c6e9339e0e 100644
|
||
|
--- a/src/shared/tpm2-util.h
|
||
|
+++ b/src/shared/tpm2-util.h
|
||
|
@@ -148,7 +148,7 @@ void tpm2_log_debug_name(const TPM2B_NAME *name, const char *msg);
|
||
|
int tpm2_calculate_name(const TPMT_PUBLIC *public, TPM2B_NAME *ret_name);
|
||
|
int tpm2_calculate_policy_auth_value(TPM2B_DIGEST *digest);
|
||
|
int tpm2_calculate_policy_authorize(const TPM2B_PUBLIC *public, const TPM2B_DIGEST *policy_ref, TPM2B_DIGEST *digest);
|
||
|
-int tpm2_calculate_policy_pcr(const TPML_PCR_SELECTION *pcr_selection, const TPM2B_DIGEST pcr_values[], size_t pcr_values_count, TPM2B_DIGEST *digest);
|
||
|
+int tpm2_calculate_policy_pcr(const Tpm2PCRValue *pcr_values, size_t n_pcr_values, TPM2B_DIGEST *digest);
|
||
|
|
||
|
int tpm2_seal(const char *device, uint32_t hash_pcr_mask, const void *pubkey, size_t pubkey_size, uint32_t pubkey_pcr_mask, const char *pin, void **ret_secret, size_t *ret_secret_size, void **ret_blob, size_t *ret_blob_size, void **ret_pcr_hash, size_t *ret_pcr_hash_size, uint16_t *ret_pcr_bank, uint16_t *ret_primary_alg, void **ret_srk_buf, size_t *ret_srk_buf_size);
|
||
|
int tpm2_unseal(const char *device, uint32_t hash_pcr_mask, uint16_t pcr_bank, const void *pubkey, size_t pubkey_size, uint32_t pubkey_pcr_mask, JsonVariant *signature, const char *pin, uint16_t primary_alg, const void *blob, size_t blob_size, const void *policy_hash, size_t policy_hash_size, const void *srk_buf, size_t srk_buf_size, void **ret_secret, size_t *ret_secret_size);
|
||
|
diff --git a/src/test/test-tpm2.c b/src/test/test-tpm2.c
|
||
|
index c61bbf6d94..8a4e9f5142 100644
|
||
|
--- a/src/test/test-tpm2.c
|
||
|
+++ b/src/test/test-tpm2.c
|
||
|
@@ -618,50 +618,58 @@ TEST(calculate_policy_authorize) {
|
||
|
}
|
||
|
|
||
|
TEST(calculate_policy_pcr) {
|
||
|
- TPML_PCR_SELECTION pcr_selection;
|
||
|
- TPM2B_DIGEST pcr_values[16];
|
||
|
- TPM2B_DIGEST d;
|
||
|
- uint32_t pcr_mask;
|
||
|
+ TPM2B_DIGEST d, dN[16];
|
||
|
+
|
||
|
+ digest_init_sha256(&dN[ 0], "2124793cbbe60c3a8637d3b84a5d054e87c351e1469a285acc04755e8b204dec");
|
||
|
+ digest_init_sha256(&dN[ 1], "bf7592f18adcfdc549fc0b94939f5069a24697f9cff4a0dca29014767b97559d");
|
||
|
+ digest_init_sha256(&dN[ 2], "4b00cff9dee3a364979b2dc241b34568a8ad49fcf2713df259e47dff8875feed");
|
||
|
+ digest_init_sha256(&dN[ 3], "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969");
|
||
|
+ digest_init_sha256(&dN[ 4], "368f85b3013041dfe203faaa364f00b07c5da7b1e5f1dbf2efb06fa6b9bd92de");
|
||
|
+ digest_init_sha256(&dN[ 5], "c97c40369691c8e4aa78fb3a52655cd193b780a838b8e23f5f476576919db5e5");
|
||
|
+ digest_init_sha256(&dN[ 6], "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969");
|
||
|
+ digest_init_sha256(&dN[ 7], "aa1154c9e0a774854ccbed4c8ce7e9b906b3d700a1a8db1772d0341a62dbe51b");
|
||
|
+ digest_init_sha256(&dN[ 8], "cfde439a2c06af3479ca6bdc60429b90553d65300c5cfcc40004a08c6b5ad81a");
|
||
|
+ digest_init_sha256(&dN[ 9], "9c2bac22ef5ec84fcdb71c3ebf776cba1247e5da980e5ee08e45666a2edf0b8b");
|
||
|
+ digest_init_sha256(&dN[10], "9885873f4d7348199ad286f8f2476d4f866940950f6f9fb9f945ed352dbdcbd2");
|
||
|
+ digest_init_sha256(&dN[11], "42400ab950d21aa79d12cc4fdef67d1087a39ad64900619831c0974dbae54e44");
|
||
|
+ digest_init_sha256(&dN[12], "767d064382e56ca1ad3bdcc6bc596112e6c2008b593d3570d24c2bfa64c4628c");
|
||
|
+ digest_init_sha256(&dN[13], "30c16133175959408c9745d8dafadef5daf4b39cb2be04df0d60089bd46d3cc4");
|
||
|
+ digest_init_sha256(&dN[14], "e3991b7ddd47be7e92726a832d6874c5349b52b789fa0db8b558c69fea29574e");
|
||
|
+ digest_init_sha256(&dN[15], "852dae3ecb992bdeb13d6002fefeeffdd90feca8b378d56681ef2c885d0e5137");
|
||
|
|
||
|
digest_init_sha256(&d, "0000000000000000000000000000000000000000000000000000000000000000");
|
||
|
- pcr_mask = (1<<4) | (1<<7) | (1<<8);
|
||
|
- tpm2_tpml_pcr_selection_from_mask(pcr_mask, TPM2_ALG_SHA256, &pcr_selection);
|
||
|
- digest_init_sha256(&pcr_values[0], "368f85b3013041dfe203faaa364f00b07c5da7b1e5f1dbf2efb06fa6b9bd92de");
|
||
|
- digest_init_sha256(&pcr_values[1], "aa1154c9e0a774854ccbed4c8ce7e9b906b3d700a1a8db1772d0341a62dbe51b");
|
||
|
- digest_init_sha256(&pcr_values[2], "cfde439a2c06af3479ca6bdc60429b90553d65300c5cfcc40004a08c6b5ad81a");
|
||
|
- assert_se(tpm2_calculate_policy_pcr(&pcr_selection, pcr_values, 3, &d) == 0);
|
||
|
+ Tpm2PCRValue v1[] = {
|
||
|
+ TPM2_PCR_VALUE_MAKE(4, TPM2_ALG_SHA256, dN[4]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(7, TPM2_ALG_SHA256, dN[7]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(8, TPM2_ALG_SHA256, dN[8]),
|
||
|
+ };
|
||
|
+ assert_se(tpm2_calculate_policy_pcr(v1, ELEMENTSOF(v1), &d) == 0);
|
||
|
assert_se(digest_check(&d, "76532a0e16f7e6bf6b02918c11f75d99d729fab0cc81d0df2c4284a2c4fe6e05"));
|
||
|
-
|
||
|
- pcr_mask = (1<<4) | (1<<7) | (1<<8);
|
||
|
- tpm2_tpml_pcr_selection_from_mask(pcr_mask, TPM2_ALG_SHA256, &pcr_selection);
|
||
|
- digest_init_sha256(&pcr_values[0], "368f85b3013041dfe203faaa364f00b07c5da7b1e5f1dbf2efb06fa6b9bd92de");
|
||
|
- digest_init_sha256(&pcr_values[1], "aa1154c9e0a774854ccbed4c8ce7e9b906b3d700a1a8db1772d0341a62dbe51b");
|
||
|
- digest_init_sha256(&pcr_values[2], "cfde439a2c06af3479ca6bdc60429b90553d65300c5cfcc40004a08c6b5ad81a");
|
||
|
- assert_se(tpm2_calculate_policy_pcr(&pcr_selection, pcr_values, 3, &d) == 0);
|
||
|
+ assert_se(tpm2_calculate_policy_pcr(v1, ELEMENTSOF(v1), &d) == 0);
|
||
|
assert_se(digest_check(&d, "97e64bcabb64c1fa4b726528644926c8029f5b4458b0575c98c04fe225629a0b"));
|
||
|
|
||
|
digest_init_sha256(&d, "0000000000000000000000000000000000000000000000000000000000000000");
|
||
|
- pcr_mask = 0xffff;
|
||
|
- tpm2_tpml_pcr_selection_from_mask(pcr_mask, TPM2_ALG_SHA256, &pcr_selection);
|
||
|
- digest_init_sha256(&pcr_values[ 0], "2124793cbbe60c3a8637d3b84a5d054e87c351e1469a285acc04755e8b204dec");
|
||
|
- digest_init_sha256(&pcr_values[ 1], "bf7592f18adcfdc549fc0b94939f5069a24697f9cff4a0dca29014767b97559d");
|
||
|
- digest_init_sha256(&pcr_values[ 2], "4b00cff9dee3a364979b2dc241b34568a8ad49fcf2713df259e47dff8875feed");
|
||
|
- digest_init_sha256(&pcr_values[ 3], "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969");
|
||
|
- digest_init_sha256(&pcr_values[ 4], "368f85b3013041dfe203faaa364f00b07c5da7b1e5f1dbf2efb06fa6b9bd92de");
|
||
|
- digest_init_sha256(&pcr_values[ 5], "c97c40369691c8e4aa78fb3a52655cd193b780a838b8e23f5f476576919db5e5");
|
||
|
- digest_init_sha256(&pcr_values[ 6], "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969");
|
||
|
- digest_init_sha256(&pcr_values[ 7], "aa1154c9e0a774854ccbed4c8ce7e9b906b3d700a1a8db1772d0341a62dbe51b");
|
||
|
- digest_init_sha256(&pcr_values[ 8], "cfde439a2c06af3479ca6bdc60429b90553d65300c5cfcc40004a08c6b5ad81a");
|
||
|
- digest_init_sha256(&pcr_values[ 9], "9c2bac22ef5ec84fcdb71c3ebf776cba1247e5da980e5ee08e45666a2edf0b8b");
|
||
|
- digest_init_sha256(&pcr_values[10], "9885873f4d7348199ad286f8f2476d4f866940950f6f9fb9f945ed352dbdcbd2");
|
||
|
- digest_init_sha256(&pcr_values[11], "42400ab950d21aa79d12cc4fdef67d1087a39ad64900619831c0974dbae54e44");
|
||
|
- digest_init_sha256(&pcr_values[12], "767d064382e56ca1ad3bdcc6bc596112e6c2008b593d3570d24c2bfa64c4628c");
|
||
|
- digest_init_sha256(&pcr_values[13], "30c16133175959408c9745d8dafadef5daf4b39cb2be04df0d60089bd46d3cc4");
|
||
|
- digest_init_sha256(&pcr_values[14], "e3991b7ddd47be7e92726a832d6874c5349b52b789fa0db8b558c69fea29574e");
|
||
|
- digest_init_sha256(&pcr_values[15], "852dae3ecb992bdeb13d6002fefeeffdd90feca8b378d56681ef2c885d0e5137");
|
||
|
- assert_se(tpm2_calculate_policy_pcr(&pcr_selection, pcr_values, 16, &d) == 0);
|
||
|
+ Tpm2PCRValue v2[] = {
|
||
|
+ TPM2_PCR_VALUE_MAKE( 0, TPM2_ALG_SHA256, dN[ 0]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 1, TPM2_ALG_SHA256, dN[ 1]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 2, TPM2_ALG_SHA256, dN[ 2]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 3, TPM2_ALG_SHA256, dN[ 3]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 4, TPM2_ALG_SHA256, dN[ 4]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 5, TPM2_ALG_SHA256, dN[ 5]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 6, TPM2_ALG_SHA256, dN[ 6]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 7, TPM2_ALG_SHA256, dN[ 7]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 8, TPM2_ALG_SHA256, dN[ 8]),
|
||
|
+ TPM2_PCR_VALUE_MAKE( 9, TPM2_ALG_SHA256, dN[ 9]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(10, TPM2_ALG_SHA256, dN[10]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(11, TPM2_ALG_SHA256, dN[11]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(12, TPM2_ALG_SHA256, dN[12]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(13, TPM2_ALG_SHA256, dN[13]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(14, TPM2_ALG_SHA256, dN[14]),
|
||
|
+ TPM2_PCR_VALUE_MAKE(15, TPM2_ALG_SHA256, dN[15]),
|
||
|
+ };
|
||
|
+ assert_se(tpm2_calculate_policy_pcr(v2, ELEMENTSOF(v2), &d) == 0);
|
||
|
assert_se(digest_check(&d, "22be4f1674f792d6345cea9427701068f0e8d9f42755dcc0e927e545a68f9c13"));
|
||
|
- assert_se(tpm2_calculate_policy_pcr(&pcr_selection, pcr_values, 16, &d) == 0);
|
||
|
+ assert_se(tpm2_calculate_policy_pcr(v2, ELEMENTSOF(v2), &d) == 0);
|
||
|
assert_se(digest_check(&d, "7481fd1b116078eb3ac2456e4ad542c9b46b9b8eb891335771ca8e7c8f8e4415"));
|
||
|
}
|
||
|
|