On Tue, Nov 05, 2024 at 10:58:47AM +0800, Gary Lin wrote:
> On Mon, Nov 04, 2024 at 01:20:45PM -0500, Stefan Berger wrote:
> >
> >
> > On 11/4/24 2:31 AM, Gary Lin via Grub-devel wrote:
> > > This commit adds the necessary TPM2 types and structs as the preparation
> > > for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
> > > functions are also added to handle the data structure to be submitted to
> > > TPM2 commands and to be received from the response.
> > >
> > > Cc: Stefan Berger <stef...@linux.ibm.com>
> > > Signed-off-by: Hernan Gatta <hega...@linux.microsoft.com>
> > > Signed-off-by: Gary Lin <g...@suse.com>
> > > Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
> > > ---
> > >  grub-core/lib/tss2/tss2_mu.c | 1174 +++++++++++++++++++++++++++++
> > >  grub-core/lib/tss2/tss2_mu.h | 397 ++++++++++
> > >  grub-core/lib/tss2/tss2_structs.h | 796 +++++++++++++++++++
> > >  grub-core/lib/tss2/tss2_types.h | 404 ++++++++++
> > >  4 files changed, 2771 insertions(+)
> > >  create mode 100644 grub-core/lib/tss2/tss2_mu.c
> > >  create mode 100644 grub-core/lib/tss2/tss2_mu.h
> > >  create mode 100644 grub-core/lib/tss2/tss2_structs.h
> > >  create mode 100644 grub-core/lib/tss2/tss2_types.h
> >
> > > +
> > > +/* Buffer Size Constants */
> > > +#define TPM_MAX_PCRS 32
> >
> > This should be 24 and it seems that it can be changed easily.
> >
> It is from tpm2-tss:
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_tpm2_types.h#L25
>
> I'm still trying to find out where the number is from.
>
tpm2-tss set the value without a clear explanation:
https://github.com/tpm2-software/tpm2-tss/commit/35750de13af0b2aa4e82e24308a99c7e0f06c961#diff-2540f5a71a43e69031c4dcb091bc9356f54d0936a5f31bdc8b8d4d07612c419eR50
There were IMPLEMENTATION_PCR(24) and PLATFORM_PCR(24) to indicate the
number of PCRs. Those two constants were removed and then MAX_PCRS was
set as 32 in the commit.

On the other hand, the TPM 2.0 library spec only mentions that the
platform specific spec can define the minimum number of PCRs, and "32" is
only used as an example for TPMS_PCR_SELECTION.

  EXAMPLE 3 If the applicable platform-specific specification requires
  that the TPM have a minimum of 24 PCR but the TPM implements 32, then
  a PCR select of 3 octets would imply that PCR 24-31 are not selected.

In "4.6 PCR Requirement" of "TCG PC Client Platform TPM Profile
Specification for TPM 2.0", it defines the minimum number of PCRs as 24.

  A conformant TPM SHALL allow an allocation of a minimum of 24 PCRs,
  0-23, within all allocated bank.

It seems to me that no static maximum number of PCRs is defined.

Anyway, I'll change TPM_MAX_PCRS to 24. For bootloaders, only the PCRs
for SRTM, i.e. 0~15, really matter, so supporting 24 PCRs is enough.

Gary Lin
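
Review bot: the `TPM_MAX_PCRS` define under "Buffer Size Constants" carries no comment saying where 32 comes from or what it bounds, and the thread shows the value cannot be justified from the tpm2-tss history alone. Whichever value is kept, add a one-line comment next to the define citing its basis (for example the 24-PCR minimum from the PC Client profile quoted in the reply) so the limit can be checked again later.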
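
What the constant bounds in practice, as an added example that is not part of the original mail or of the GRUB patch: a bounds-checked unmarshal of one TPMS_PCR_SELECTION (hash, sizeofSelect, pcrSelect octets) into a select array sized from a 24-PCR maximum. The `ex_`/`EX_` names are hypothetical, the sample bytes are constructed, and rejecting a selection wider than 3 octets is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; 24 is the value settled on in the thread. */
#define EX_MAX_PCRS       24
#define EX_PCR_SELECT_MAX ((EX_MAX_PCRS + 7) / 8) /* 3 octets */

typedef struct {
  uint16_t hash;                           /* TPMI_ALG_HASH, big-endian on the wire */
  uint8_t  size_of_select;                 /* octets used in pcr_select */
  uint8_t  pcr_select[EX_PCR_SELECT_MAX];  /* one bit per PCR */
} ex_pcr_selection_t;

/* Parse one TPMS_PCR_SELECTION; returns bytes consumed, or -1 on bad input. */
int ex_pcr_selection_unmarshal (const uint8_t *buf, size_t len, ex_pcr_selection_t *out)
{
  if (len < 3)
    return -1;                             /* header (2 + 1 bytes) is truncated */
  memset (out, 0, sizeof (*out));
  out->hash = (uint16_t) ((buf[0] << 8) | buf[1]);
  out->size_of_select = buf[2];
  if (out->size_of_select > EX_PCR_SELECT_MAX)
    return -1;                             /* e.g. 4 octets (32 PCRs): does not fit */
  if (len - 3 < out->size_of_select)
    return -1;                             /* select octets are truncated */
  memcpy (out->pcr_select, buf + 3, out->size_of_select);
  return 3 + out->size_of_select;
}

/* PCR n is bit n%8 of octet n/8; PCRs past the select size are not selected. */
int ex_pcr_is_selected (const ex_pcr_selection_t *sel, unsigned pcr)
{
  if (pcr / 8 >= sel->size_of_select)
    return 0;
  return (sel->pcr_select[pcr / 8] >> (pcr % 8)) & 1;
}

int main (void)
{
  /* Constructed sample: SHA-256 bank (0x000B), 3 octets, PCRs 0, 7 and 14 set. */
  const uint8_t sample[] = { 0x00, 0x0B, 0x03, 0x81, 0x40, 0x00 };
  ex_pcr_selection_t sel;
  if (ex_pcr_selection_unmarshal (sample, sizeof (sample), &sel) < 0)
    return 1;
  printf ("PCR 7: %d, PCR 24: %d\n", ex_pcr_is_selected (&sel, 7), ex_pcr_is_selected (&sel, 24));
  return 0;
}
```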