tpm: Add support for sha384
authorMario Limonciello <mario.limonciello@amd.com>
Sat, 17 Dec 2022 13:48:32 +0000 (07:48 -0600)
committerMario Limonciello <superm1@gmail.com>
Sat, 17 Dec 2022 14:18:48 +0000 (08:18 -0600)
plugins/tpm/fu-tpm-eventlog-common.c
plugins/tpm/fu-tpm-eventlog-common.h
plugins/tpm/fu-tpm-eventlog-parser.c
plugins/tpm/fu-tpm-plugin.c

index 606774801961adec7ccbbf4dd5fe3e0a0a4a1c0f..cc66ed6903df9eaa14313943e13a0fae32965cf1 100644 (file)
@@ -159,10 +159,13 @@ fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
 {
        guint cnt_sha1 = 0;
        guint cnt_sha256 = 0;
+       guint cnt_sha384 = 0;
        guint8 digest_sha1[TPM2_SHA1_DIGEST_SIZE] = {0x0};
        guint8 digest_sha256[TPM2_SHA256_DIGEST_SIZE] = {0x0};
+       guint8 digest_sha384[TPM2_SHA384_DIGEST_SIZE] = {0x0};
        gsize digest_sha1_len = sizeof(digest_sha1);
        gsize digest_sha256_len = sizeof(digest_sha256);
+       gsize digest_sha384_len = sizeof(digest_sha384);
        g_autoptr(GPtrArray) csums = g_ptr_array_new_with_free_func(g_free);
 
        /* sanity check */
@@ -189,6 +192,7 @@ fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
                                /* the final byte indicates the locality from which TPM2_Startup()
                                 * was issued -- which is the initial value of PCR0 */
                                if (strncmp((const char *)buf, "StartupLocality", bufsz - 2) == 0) {
+                                       digest_sha384[TPM2_SHA384_DIGEST_SIZE - 1] = buf[bufsz - 1];
                                        digest_sha256[TPM2_SHA256_DIGEST_SIZE - 1] = buf[bufsz - 1];
                                        digest_sha1[TPM2_SHA1_DIGEST_SIZE - 1] = buf[bufsz - 1];
                                        continue;
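Review bot: The new `digest_sha384[TPM2_SHA384_DIGEST_SIZE - 1] = buf[bufsz - 1]` store, like the two beside it, depends on `bufsz` being at least 2, and nothing visible in this hunk establishes that bound. If `bufsz` is an unsigned size and can be 0 or 1, `bufsz - 2` wraps and `buf[bufsz - 1]` may read outside the blob. Because the compare length comes from the blob itself, a short blob that is only a prefix of "StartupLocality" also matches and seeds the initial PCR0 value for all three banks. Unless a size check already exists above the hunk, guard the branch on the exact event size that `bufsz - 2` implies, e.g. `if (bufsz == sizeof("StartupLocality") + 1 && memcmp(buf, "StartupLocality", bufsz - 1) == 0) {`. The enclosing loop starts and ends outside the hunk.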
@@ -218,12 +222,24 @@ fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
                        g_checksum_get_digest(csum_sha256, digest_sha256, &digest_sha256_len);
                        cnt_sha256++;
                }
+               if (item->checksum_sha384 != NULL) {
+                       g_autoptr(GChecksum) csum_sha384 = g_checksum_new(G_CHECKSUM_SHA384);
+                       g_checksum_update(csum_sha384,
+                                         (const guchar *)digest_sha384,
+                                         digest_sha384_len);
+                       g_checksum_update(
+                           csum_sha384,
+                           (const guchar *)g_bytes_get_data(item->checksum_sha384, NULL),
+                           g_bytes_get_size(item->checksum_sha384));
+                       g_checksum_get_digest(csum_sha384, digest_sha384, &digest_sha384_len);
+                       cnt_sha384++;
+               }
        }
-       if (cnt_sha1 == 0 && cnt_sha256 == 0) {
+       if (cnt_sha1 == 0 && cnt_sha256 == 0 && cnt_sha384 == 0) {
                g_set_error_literal(error,
                                    G_IO_ERROR,
                                    G_IO_ERROR_INVALID_DATA,
-                                   "no SHA1 or SHA256 data");
+                                   "no SHA1, SHA256, or SHA384 data");
                return NULL;
        }
        if (cnt_sha1 > 0) {
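Review bot: The block under `if (item->checksum_sha384 != NULL)` is a third copy of the extend sequence already written for SHA1 and SHA256, and none of the copies says what it computes. A one-line comment above it, such as `/* PCR extend: new = H(old || event digest) */`, would help the next reader. A small static helper taking the `GChecksumType`, the running digest buffer and the item digest would keep the banks from drifting apart when another algorithm is added. Separately, `cnt_sha384` only records that at least one item carried a SHA384 digest, so an item without one is skipped silently and the reconstructed value would then not match the TPM; a comment or debug message on that case seems worthwhile.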
@@ -236,5 +252,10 @@ fu_tpm_eventlog_calc_checksums(GPtrArray *items, guint8 pcr, GError **error)
                blob_sha256 = g_bytes_new_static(digest_sha256, sizeof(digest_sha256));
                g_ptr_array_add(csums, fu_tpm_eventlog_strhex(blob_sha256));
        }
+       if (cnt_sha384 > 0) {
+               g_autoptr(GBytes) blob_sha384 = NULL;
+               blob_sha384 = g_bytes_new_static(digest_sha384, sizeof(digest_sha384));
+               g_ptr_array_add(csums, fu_tpm_eventlog_strhex(blob_sha384));
+       }
        return g_steal_pointer(&csums);
 }
index 217221ece40bb7a3ef643621f2a21aa228f4b7b2..3fdece953287229af939ca10510209db02e1c4f8 100644 (file)
@@ -46,6 +46,7 @@ typedef struct {
        FuTpmEventlogItemKind kind;
        GBytes *checksum_sha1;
        GBytes *checksum_sha256;
+       GBytes *checksum_sha384;
        GBytes *blob;
 } FuTpmEventlogItem;
 
index d57aece9777c6de062e3b3d62b95b3592b515bdd..f56ea5c8fa2f142284d5494916f388b3875ca8e2 100644 (file)
@@ -42,6 +42,8 @@ fu_tpm_eventlog_parser_item_free(FuTpmEventlogItem *item)
                g_bytes_unref(item->checksum_sha1);
        if (item->checksum_sha256 != NULL)
                g_bytes_unref(item->checksum_sha256);
+       if (item->checksum_sha384 != NULL)
+               g_bytes_unref(item->checksum_sha384);
        g_free(item);
 }
 
@@ -66,6 +68,10 @@ fu_tpm_eventlog_item_to_string(FuTpmEventlogItem *item, guint idt, GString *str)
                g_autofree gchar *csum = fu_tpm_eventlog_strhex(item->checksum_sha256);
                fu_string_append(str, idt, "ChecksumSha256", csum);
        }
+       if (item->checksum_sha384 != NULL) {
+               g_autofree gchar *csum = fu_tpm_eventlog_strhex(item->checksum_sha384);
+               fu_string_append(str, idt, "ChecksumSha384", csum);
+       }
        if (item->blob != NULL) {
                g_autofree gchar *blobstr = fu_tpm_eventlog_blobstr(item->blob);
                if (blobstr != NULL)
@@ -98,6 +104,7 @@ fu_tpm_eventlog_parser_parse_blob_v2(const guint8 *buf,
                guint32 datasz = 0;
                g_autoptr(GBytes) checksum_sha1 = NULL;
                g_autoptr(GBytes) checksum_sha256 = NULL;
+               g_autoptr(GBytes) checksum_sha384 = NULL;
 
                /* read entry */
                if (!fu_memread_uint32_safe(buf,
@@ -169,6 +176,9 @@ fu_tpm_eventlog_parser_parse_blob_v2(const guint8 *buf,
                        else if (alg_type == TPM2_ALG_SHA256)
                                checksum_sha256 =
                                    g_bytes_new_take(g_steal_pointer(&digest), alg_size);
+                       else if (alg_type == TPM2_ALG_SHA384)
+                               checksum_sha384 =
+                                   g_bytes_new_take(g_steal_pointer(&digest), alg_size);
 
                        /* next block */
                        idx += alg_size;
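Review bot: `checksum_sha384` is filled in here, but no hunk of fu-tpm-eventlog-parser.c on this page hands it to the `FuTpmEventlogItem`. Unless that transfer happens in lines not shown, the `g_autoptr` releases the digest when the variable goes out of scope and `item->checksum_sha384` stays NULL. In that case the new SHA384 paths in fu_tpm_eventlog_calc_checksums() and in the report metadata are never taken for v2 logs, and no reconstructed SHA384 PCR0 is produced. Where the item is built, add the transfer next to the existing SHA1/SHA256 ones, e.g. `item->checksum_sha384 = g_steal_pointer(&checksum_sha384);`, matching whichever ownership form the neighbouring fields use. The digest loop and the item construction both lie outside this hunk.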
index c0be3bc2ca151d9ea9974f11acefc1ba4ee24326..5eacaaf2f7f2a984f9e27e5d1ea9a8bb2206e066 100644 (file)
@@ -90,6 +90,10 @@ fu_tpm_plugin_device_added(FuPlugin *plugin, FuDevice *dev)
                        fu_plugin_add_report_metadata(plugin, "Pcr0_SHA256", csum);
                        continue;
                }
+               if (csum_type == G_CHECKSUM_SHA384) {
+                       fu_plugin_add_report_metadata(plugin, "Pcr0_SHA384", csum);
+                       continue;
+               }
        }
 }
 
@@ -256,6 +260,8 @@ fu_tpm_plugin_eventlog_report_metadata(FuPlugin *plugin)
                        checksum = fu_tpm_eventlog_strhex(item->checksum_sha1);
                else if (item->checksum_sha256 != NULL)
                        checksum = fu_tpm_eventlog_strhex(item->checksum_sha256);
+               else if (item->checksum_sha384 != NULL)
+                       checksum = fu_tpm_eventlog_strhex(item->checksum_sha384);
                else
                        continue;
                g_string_append_printf(str, "0x%08x %s", item->kind, checksum);
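Review bot: The added `else if (item->checksum_sha384 != NULL)` branch sits last in the chain, so the SHA384 digest is reported only for items that have neither a SHA1 nor a SHA256 digest; on a log carrying several banks the line still uses SHA1. If that order is intentional for compatibility with whatever consumes the report, document it above the chain, e.g. `/* first available digest wins, in the order SHA1, SHA256, SHA384; order kept stable for report consumers */`; otherwise consider testing the strongest digest first. The `"0x%08x %s"` format does not record which algorithm was used, so a reader has to infer it from the hex length. The function body continues outside the hunk.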