Merge pull request #224 from nix-community/stub-remove-tpm1

stub: remove TPM 1 support
2023-09-14 13:26:25 +00:00 · 2023-09-14 13:26:25 +00:00 · 7f92dd1e7b
parent 1255f8fc49 3dab5531b1
commit 7f92dd1e7b
3 changed files with 2 additions and 53 deletions
--- a/rust/uefi/Cargo.lock
+++ b/rust/uefi/Cargo.lock
@ -103,7 +103,6 @@ dependencies = [
 "bitflags",
 "goblin",
 "log",
- "sha1_smol",
 "uefi",
 ]

@ -177,12 +176,6 @@ dependencies = [
 "syn 2.0.32",
 ]

-[[package]]
-name = "sha1_smol"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
-
 [[package]]
 name = "sha2"
 version = "0.10.7"
--- a/rust/uefi/linux-bootloader/Cargo.toml
+++ b/rust/uefi/linux-bootloader/Cargo.toml
@ -19,8 +19,5 @@ bitflags = "2.3.3"
 # Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
 log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}

-# SHA1 for TPM TCG interface version 1.
-sha1_smol = "1.0.0"
-
 [badges]
 maintenance = { status = "actively-developed" }
--- a/rust/uefi/linux-bootloader/src/tpm.rs
+++ b/rust/uefi/linux-bootloader/src/tpm.rs
@ -3,10 +3,7 @@ use core::mem::{self, MaybeUninit};
 use log::warn;
 use uefi::{
    prelude::BootServices,
-    proto::tcg::{
-        v1::{self, Sha1Digest},
-        v2, EventType, PcrIndex,
-    },
+    proto::tcg::{v2, EventType, PcrIndex},
    table::boot::ScopedProtocol,
 };

@ -32,24 +29,8 @@ fn open_capable_tpm2(boot_services: &BootServices) -> uefi::Result<ScopedProtoco
    Ok(tpm_protocol)
 }

-fn open_capable_tpm1(boot_services: &BootServices) -> uefi::Result<ScopedProtocol<v1::Tcg>> {
-    let tpm_handle = boot_services.get_handle_for_protocol::<v1::Tcg>()?;
-    let mut tpm_protocol = boot_services.open_protocol_exclusive::<v1::Tcg>(tpm_handle)?;
-
-    let status_check = tpm_protocol.status_check()?;
-
-    if status_check.protocol_capability.tpm_deactivated()
-        || !status_check.protocol_capability.tpm_present()
-    {
-        warn!("Capability `TPM present` is not there or `TPM deactivated` is there for the existing TPM TCGv1 protocol");
-        return Err(uefi::Status::UNSUPPORTED.into());
-    }
-
-    Ok(tpm_protocol)
-}
-
 pub fn tpm_available(boot_services: &BootServices) -> bool {
-    open_capable_tpm2(boot_services).is_ok() || open_capable_tpm1(boot_services).is_ok()
+    open_capable_tpm2(boot_services).is_ok()
 }

 /// Log an event in the TPM with `buffer` as data.
@ -78,28 +59,6 @@ pub fn tpm_log_event_ascii(
        )?;
        // FIXME: what do we want as flags here?
        tpm2.hash_log_extend_event(Default::default(), buffer, event)?;
-    } else if let Ok(mut tpm1) = open_capable_tpm1(boot_services) {
-        let required_size = mem::size_of::<PcrIndex>()
-            + mem::size_of::<EventType>()
-            + mem::size_of::<Sha1Digest>()
-            + mem::size_of::<u32>()
-            + description.len();
-
-        let mut event_buffer = vec![MaybeUninit::<u8>::uninit(); required_size];
-
-        // Compute sha1 of the event data
-        let mut m = sha1_smol::Sha1::new();
-        m.update(description.as_bytes());
-
-        let event = v1::PcrEvent::new_in_buffer(
-            event_buffer.as_mut_slice(),
-            pcr_index,
-            EventType::IPL,
-            m.digest().bytes(),
-            description.as_bytes(),
-        )?;
-
-        tpm1.hash_log_extend_event(event, Some(buffer))?;
    }

    Ok(true)