On Mon, Sep 28, 2020 at 06:15:00PM +0200, Ard Biesheuvel wrote:
> > > > It is possible but initially feels a bit weird:
> > > >
> > > > - sizeof(TCG_SPECID_SIG)) || count > efispecid->num_algs) {
> > > > + sizeof(TCG_SPECID_SIG)) ||
> > > > + !efispecid->num_algs || count != efispecid->num_algs) {
^^^
> In tpm2_bios_measurements_start(), we dereference tpm_bios_log to
> access bios_event_log and bios_event_log_end without checking tpm_bios
> for NULL. This is where the crash seems to occur.
That's a good guess. Just a bit confused how that particular patch can
have the effect: it has two deferences to efispecid instead of one in
the same statement. Would be interesting to hear if the bug is triggered
in Kenneth's environment by the exact same commit.
/Jarkko
