Merge pull request #224 from nix-community/stub-remove-tpm1
stub: remove TPM 1 support
This commit is contained in:
commit
7f92dd1e7b
|
@ -103,7 +103,6 @@ dependencies = [
|
|||
"bitflags",
|
||||
"goblin",
|
||||
"log",
|
||||
"sha1_smol",
|
||||
"uefi",
|
||||
]
|
||||
|
||||
|
@ -177,12 +176,6 @@ dependencies = [
|
|||
"syn 2.0.32",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "sha1_smol"
|
||||
version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
|
||||
|
||||
[[package]]
|
||||
name = "sha2"
|
||||
version = "0.10.7"
|
||||
|
|
|
@ -19,8 +19,5 @@ bitflags = "2.3.3"
|
|||
# Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
|
||||
log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
|
||||
|
||||
# SHA1 for TPM TCG interface version 1.
|
||||
sha1_smol = "1.0.0"
|
||||
|
||||
[badges]
|
||||
maintenance = { status = "actively-developed" }
|
||||
|
|
|
@ -3,10 +3,7 @@ use core::mem::{self, MaybeUninit};
|
|||
use log::warn;
|
||||
use uefi::{
|
||||
prelude::BootServices,
|
||||
proto::tcg::{
|
||||
v1::{self, Sha1Digest},
|
||||
v2, EventType, PcrIndex,
|
||||
},
|
||||
proto::tcg::{v2, EventType, PcrIndex},
|
||||
table::boot::ScopedProtocol,
|
||||
};
|
||||
|
||||
|
@ -32,24 +29,8 @@ fn open_capable_tpm2(boot_services: &BootServices) -> uefi::Result<ScopedProtoco
|
|||
Ok(tpm_protocol)
|
||||
}
|
||||
|
||||
fn open_capable_tpm1(boot_services: &BootServices) -> uefi::Result<ScopedProtocol<v1::Tcg>> {
|
||||
let tpm_handle = boot_services.get_handle_for_protocol::<v1::Tcg>()?;
|
||||
let mut tpm_protocol = boot_services.open_protocol_exclusive::<v1::Tcg>(tpm_handle)?;
|
||||
|
||||
let status_check = tpm_protocol.status_check()?;
|
||||
|
||||
if status_check.protocol_capability.tpm_deactivated()
|
||||
|| !status_check.protocol_capability.tpm_present()
|
||||
{
|
||||
warn!("Capability `TPM present` is not there or `TPM deactivated` is there for the existing TPM TCGv1 protocol");
|
||||
return Err(uefi::Status::UNSUPPORTED.into());
|
||||
}
|
||||
|
||||
Ok(tpm_protocol)
|
||||
}
|
||||
|
||||
pub fn tpm_available(boot_services: &BootServices) -> bool {
|
||||
open_capable_tpm2(boot_services).is_ok() || open_capable_tpm1(boot_services).is_ok()
|
||||
open_capable_tpm2(boot_services).is_ok()
|
||||
}
|
||||
|
||||
/// Log an event in the TPM with `buffer` as data.
|
||||
|
@ -78,28 +59,6 @@ pub fn tpm_log_event_ascii(
|
|||
)?;
|
||||
// FIXME: what do we want as flags here?
|
||||
tpm2.hash_log_extend_event(Default::default(), buffer, event)?;
|
||||
} else if let Ok(mut tpm1) = open_capable_tpm1(boot_services) {
|
||||
let required_size = mem::size_of::<PcrIndex>()
|
||||
+ mem::size_of::<EventType>()
|
||||
+ mem::size_of::<Sha1Digest>()
|
||||
+ mem::size_of::<u32>()
|
||||
+ description.len();
|
||||
|
||||
let mut event_buffer = vec![MaybeUninit::<u8>::uninit(); required_size];
|
||||
|
||||
// Compute sha1 of the event data
|
||||
let mut m = sha1_smol::Sha1::new();
|
||||
m.update(description.as_bytes());
|
||||
|
||||
let event = v1::PcrEvent::new_in_buffer(
|
||||
event_buffer.as_mut_slice(),
|
||||
pcr_index,
|
||||
EventType::IPL,
|
||||
m.digest().bytes(),
|
||||
description.as_bytes(),
|
||||
)?;
|
||||
|
||||
tpm1.hash_log_extend_event(event, Some(buffer))?;
|
||||
}
|
||||
|
||||
Ok(true)
|
||||
|
|
Loading…
Reference in New Issue