mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
tpm2-util: tighten rules on the nvindex handle range we allocate from
Let's follow the conventions set by "Registry of Reserved TPM 2.0 Handles and Localities" and only allocate nvindex currently not assigned to any vendor. For details see: https://trustedcomputinggroup.org/resource/registry/ Section 2.2
This commit is contained in:
parent
9afc6ac87c
commit
a5139b1415
|
@ -5800,7 +5800,8 @@ int tpm2_unseal(Tpm2Context *c,
|
|||
}
|
||||
|
||||
static TPM2_HANDLE generate_random_nv_index(void) {
|
||||
return TPM2_NV_INDEX_FIRST + (TPM2_HANDLE) random_u64_range(TPM2_NV_INDEX_LAST - TPM2_NV_INDEX_FIRST + 1);
|
||||
return TPM2_NV_INDEX_UNASSIGNED_FIRST +
|
||||
(TPM2_HANDLE) random_u64_range(TPM2_NV_INDEX_UNASSIGNED_LAST - TPM2_NV_INDEX_UNASSIGNED_FIRST + 1);
|
||||
}
|
||||
|
||||
int tpm2_define_policy_nv_index(
|
||||
|
|
|
@ -484,3 +484,14 @@ enum {
|
|||
|
||||
int tpm2_pcr_index_from_string(const char *s) _pure_;
|
||||
const char *tpm2_pcr_index_to_string(int pcr) _const_;
|
||||
|
||||
/* The first and last NV index handle that is not registered to any company, as per TCG's "Registry of
|
||||
* Reserved TPM 2.0 Handles and Localities", section 2.2.2. */
|
||||
#define TPM2_NV_INDEX_UNASSIGNED_FIRST UINT32_C(0x01800000)
|
||||
#define TPM2_NV_INDEX_UNASSIGNED_LAST UINT32_C(0x01BFFFFF)
|
||||
|
||||
#if HAVE_TPM2
|
||||
/* Verify that the above is indeed a subset of the general NV Index range */
|
||||
assert_cc(TPM2_NV_INDEX_UNASSIGNED_FIRST >= TPM2_NV_INDEX_FIRST);
|
||||
assert_cc(TPM2_NV_INDEX_UNASSIGNED_LAST <= TPM2_NV_INDEX_LAST);
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue