From 3dab5531b1dfd252d5ede21659c2ea32a2e6ce74 Mon Sep 17 00:00:00 2001
From: nikstur
Date: Thu, 14 Sep 2023 15:04:06 +0200
Subject: [PATCH] stub: remove TPM 1 support

TPM 1 will not be supported by newer systemd versions and is not widely available anyways.
---
 rust/uefi/Cargo.lock | 7 -----
 rust/uefi/linux-bootloader/Cargo.toml | 3 --
 rust/uefi/linux-bootloader/src/tpm.rs | 45 ++-------------------------
 3 files changed, 2 insertions(+), 53 deletions(-)

diff --git a/rust/uefi/Cargo.lock b/rust/uefi/Cargo.lock
index bc826d3..67d679c 100644
--- a/rust/uefi/Cargo.lock
+++ b/rust/uefi/Cargo.lock
@@ -103,7 +103,6 @@ dependencies = [
 "bitflags",
 "goblin",
 "log",
- "sha1_smol",
 "uefi",
 ]
@@ -177,12 +176,6 @@ dependencies = [
 "syn 2.0.32",
 ]
-[[package]]
-name = "sha1_smol"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
-
 [[package]]
 name = "sha2"
 version = "0.10.7"
diff --git a/rust/uefi/linux-bootloader/Cargo.toml b/rust/uefi/linux-bootloader/Cargo.toml
index b4b002e..0f3a5a8 100644
--- a/rust/uefi/linux-bootloader/Cargo.toml
+++ b/rust/uefi/linux-bootloader/Cargo.toml
@@ -19,8 +19,5 @@ bitflags = "2.3.3"
 # Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
 log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
-# SHA1 for TPM TCG interface version 1.
-sha1_smol = "1.0.0"
-
 [badges]
 maintenance = { status = "actively-developed" }
diff --git a/rust/uefi/linux-bootloader/src/tpm.rs b/rust/uefi/linux-bootloader/src/tpm.rs
index a905516..a75157c 100644
--- a/rust/uefi/linux-bootloader/src/tpm.rs
+++ b/rust/uefi/linux-bootloader/src/tpm.rs
@@ -3,10 +3,7 @@ use core::mem::{self, MaybeUninit};
 use log::warn;
 use uefi::{
 prelude::BootServices,
- proto::tcg::{
- v1::{self, Sha1Digest},
- v2, EventType, PcrIndex,
- },
+ proto::tcg::{v2, EventType, PcrIndex},
 table::boot::ScopedProtocol,
 };
@@ -32,24 +29,8 @@ fn open_capable_tpm2(boot_services: &BootServices) -> uefi::Result uefi::Result> {
- let tpm_handle = boot_services.get_handle_for_protocol::()?;
- let mut tpm_protocol = boot_services.open_protocol_exclusive::(tpm_handle)?;
-
- let status_check = tpm_protocol.status_check()?;
-
- if status_check.protocol_capability.tpm_deactivated()
- || !status_check.protocol_capability.tpm_present()
- {
- warn!("Capability `TPM present` is not there or `TPM deactivated` is there for the existing TPM TCGv1 protocol");
- return Err(uefi::Status::UNSUPPORTED.into());
- }
-
- Ok(tpm_protocol)
-}
-
 pub fn tpm_available(boot_services: &BootServices) -> bool {
- open_capable_tpm2(boot_services).is_ok() || open_capable_tpm1(boot_services).is_ok()
+ open_capable_tpm2(boot_services).is_ok()
 }
 /// Log an event in the TPM with `buffer` as data.
@@ -78,28 +59,6 @@ pub fn tpm_log_event_ascii(
 )?;
 // FIXME: what do we want as flags here?
 tpm2.hash_log_extend_event(Default::default(), buffer, event)?;
- } else if let Ok(mut tpm1) = open_capable_tpm1(boot_services) {
- let required_size = mem::size_of::()
- + mem::size_of::()
- + mem::size_of::()
- + mem::size_of::()
- + description.len();
-
- let mut event_buffer = vec![MaybeUninit::::uninit(); required_size];
-
- // Compute sha1 of the event data
- let mut m = sha1_smol::Sha1::new();
- m.update(description.as_bytes());
-
- let event = v1::PcrEvent::new_in_buffer(
- event_buffer.as_mut_slice(),
- pcr_index,
- EventType::IPL,
- m.digest().bytes(),
- description.as_bytes(),
- )?;
-
- tpm1.hash_log_extend_event(event, Some(buffer))?;
 }
 Ok(true)
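Review bot: `use core::mem::{self, MaybeUninit};` on this hunk's context line is kept although the only visible uses of `mem::size_of` and `MaybeUninit` are on the removed side of the last hunk (the TPM 1 event buffer); unless the rest of the file still uses them, the import is now dead and rustc reports it as unused, which fails builds that deny warnings. The same question applies to `use log::warn;`, whose only visible `warn!` call is inside the removed `open_capable_tpm1`; whether `open_capable_tpm2` logs is outside the hunk. I would drop the line, or trim it to whatever remains in use, in this commit rather than leave it for a later cleanup.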
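Review bot: `tpm_available` now answers a narrower question than its name suggests, since only a usable TPM reached through the TCG2 (TPM 2.0) EFI protocol counts, and the function carries no doc comment saying so. I would add `/// Returns true when a TPM reachable through the TCG2 (TPM 2.0) protocol is present and usable; firmware exposing only the TCG v1 protocol is reported as unavailable.` so callers that gate measured-boot behaviour on it know the contract. The removed TPM 1 path also emitted a `warn!` when the device was present but deactivated; if `open_capable_tpm2` does not log in the corresponding case (its body is outside the hunk), hosts that previously got that warning now fall through to `false` silently, which makes a missing measurement harder to diagnose from the boot log.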
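Review bot: After this hunk `tpm_log_event_ascii` reaches `Ok(true)` whether or not the `if let Ok(mut tpm2)` branch ran, so on firmware without a TCG2 protocol the event is no longer extended into any PCR yet the call still reports success; the TPM 1 branch was the only fallback. The `if let` and the function header start outside the hunk, so I cannot see whether the `bool` is meant to mean "measured"; if it is, the no-TPM path should return `Ok(false)`. Either way the doc comment in the previous hunk should state the new precondition, e.g. `/// Log an event in the TPM with buffer as data. Requires a TPM 2.0 reached through the TCG2 protocol; without one nothing is measured and the call still returns Ok(true).`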