On Thu Nov 7, 2024 at 4:00 PM EET, Mimi Zohar wrote:
> On Thu, 2024-11-07 at 15:47 +0200, Jarkko Sakkinen wrote:
> > On Thu Nov 7, 2024 at 3:44 PM EET, Mimi Zohar wrote:
> > > >
> > > > @@ -232,18 +236,26 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> > > > int rc;
> > > > int i;
> > > >
> > > > - rc = tpm2_start_auth_session(chip);
> > > > - if (rc)
> > > > - return rc;
> > > > + if (!disable_pcr_integrity_protection) {
> > > > + rc = tpm2_start_auth_session(chip);
> > > > + if (rc)
> > > > + return rc;
> > > > + }
> > > >
> > > > rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> > > > if (rc) {
> > > > - tpm2_end_auth_session(chip);
> > > > + if (!disable_pcr_integrity_protection)
> > > > + tpm2_end_auth_session(chip);
> > > > return rc;
> > > > }
> > > >
> > > > - tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
> > > > - tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
> > > > + if (!disable_pcr_integrity_protection) {
> > > > + tpm_buf_append_name(chip, &buf, pcr_idx);
> > >
> > > tpm_buf_append_name() parameters didn't change. Don't remove the 'name' field
> > > here.
> >
> > Hmm... weird I'll check this. Maybe I had something left to staging...
Yes! This was correct in my clone but not in the patch.
Clearly a sign that I wait until next week before sending a new version
:-)
> >
> > >
> > >
> > > > + tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
> > > > + } else {
> > > > + tpm_buf_append_handle(chip, &buf, pcr_idx);
> > >
> >
> > > Or here.
> >
> > Here I think it is appropriate
>
> Agreed
Great
BR, Jarkko
