On Thu, 2024-11-07 at 15:47 +0200, Jarkko Sakkinen wrote:
> On Thu Nov 7, 2024 at 3:44 PM EET, Mimi Zohar wrote:
> > >
> > > @@ -232,18 +236,26 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> > > int rc;
> > > int i;
> > >
> > > - rc = tpm2_start_auth_session(chip);
> > > - if (rc)
> > > - return rc;
> > > + if (!disable_pcr_integrity_protection) {
> > > + rc = tpm2_start_auth_session(chip);
> > > + if (rc)
> > > + return rc;
> > > + }
> > >
> > > rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> > > if (rc) {
> > > - tpm2_end_auth_session(chip);
> > > + if (!disable_pcr_integrity_protection)
> > > + tpm2_end_auth_session(chip);
> > > return rc;
> > > }
> > >
> > > - tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
> > > - tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
> > > + if (!disable_pcr_integrity_protection) {
> > > + tpm_buf_append_name(chip, &buf, pcr_idx);
> >
> > tpm_buf_append_name() parameters didn't change. Don't remove the 'name' field
> > here.
>
> Hmm... weird I'll check this. Maybe I had something left to staging...
>
> >
> >
> > > + tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
> > > + } else {
> > > + tpm_buf_append_handle(chip, &buf, pcr_idx);
> >
>
> > Or here.
>
> Here I think it is appropriate
Agreed
>
> >
> > > + tpm_buf_append_auth(chip, &buf, 0, NULL, 0);
> > > + }
> > >
> > > tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
> > >
