tpm2-util: tighten rules on the nvindex handle range we allocate from

Let's follow the conventions set by "Registry of Reserved TPM 2.0 Handles and Localities" and only allocate nvindex currently not assigned to any vendor. For details see: https://trustedcomputinggroup.org/resource/registry/ Section 2.2
2024-07-08 20:15:55 +00:00 · 2024-06-10 18:58:54 +02:00 · 2024-06-10 18:58:54 +02:00 · a5139b1415
commit a5139b1415
parent 9afc6ac87c
2 changed files with 13 additions and 1 deletions
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@ -5800,7 +5800,8 @@ int tpm2_unseal(Tpm2Context *c,
 }

 static TPM2_HANDLE generate_random_nv_index(void) {
-        return TPM2_NV_INDEX_FIRST + (TPM2_HANDLE) random_u64_range(TPM2_NV_INDEX_LAST - TPM2_NV_INDEX_FIRST + 1);
+        return TPM2_NV_INDEX_UNASSIGNED_FIRST +
+                (TPM2_HANDLE) random_u64_range(TPM2_NV_INDEX_UNASSIGNED_LAST - TPM2_NV_INDEX_UNASSIGNED_FIRST + 1);
 }

 int tpm2_define_policy_nv_index(
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@ -484,3 +484,14 @@ enum {

 int tpm2_pcr_index_from_string(const char *s) _pure_;
 const char *tpm2_pcr_index_to_string(int pcr) _const_;
+
+/* The first and last NV index handle that is not registered to any company, as per TCG's "Registry of
+ * Reserved TPM 2.0 Handles and Localities", section 2.2.2. */
+#define TPM2_NV_INDEX_UNASSIGNED_FIRST UINT32_C(0x01800000)
+#define TPM2_NV_INDEX_UNASSIGNED_LAST  UINT32_C(0x01BFFFFF)
+
+#if HAVE_TPM2
+/* Verify that the above is indeed a subset of the general NV Index range */
+assert_cc(TPM2_NV_INDEX_UNASSIGNED_FIRST >= TPM2_NV_INDEX_FIRST);
+assert_cc(TPM2_NV_INDEX_UNASSIGNED_LAST <= TPM2_NV_INDEX_LAST);
+#endif