master

分支 (12)

标签 (12)

管理

管理

master

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-Next

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-22.09

openEuler-22.03-LTS

openEuler-21.09

openEuler-21.03

openEuler-20.09

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

libtpms
/
tpm2-Add-SEED_COMPAT_LEVEL-to-nullSee...

From 6617eecb7ea815974a1cfc19f60a091f64c7ba30 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 10:34:49 +0800
Subject: [PATCH 2/7] tpm2: Add SEED_COMPAT_LEVEL to nullSeed to track
 compatibility level

Add SEED_COMPAT_LEVEL to the nullSeed in the state_reset data to track
its compatibility level. We need it for VM suspend and resume.
---
 src/tpm2/Global.h    |  1 +
 src/tpm2/Hierarchy.c |  3 ++-
 src/tpm2/NVMarshal.c | 21 ++++++++++++++++++---
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/src/tpm2/Global.h b/src/tpm2/Global.h
index 011aff8..3448de3 100644
--- a/src/tpm2/Global.h
+++ b/src/tpm2/Global.h
@@ -809,6 +809,7 @@ typedef struct state_reset_data
     // the TPM_RH_NULL hierarchy. The
     // default reset value is from the RNG.
     TPM2B_SEED          nullSeed;           // The seed value for the TPM_RN_NULL
+    SEED_COMPAT_LEVEL   nullSeedCompatLevel; // libtpms added
     // hierarchy. The default reset value
     // is from the RNG.
     //*****************************************************************************
diff --git a/src/tpm2/Hierarchy.c b/src/tpm2/Hierarchy.c
index 70a3588..e9e6d6d 100644
--- a/src/tpm2/Hierarchy.c
+++ b/src/tpm2/Hierarchy.c
@@ -154,6 +154,7 @@ HierarchyStartup(
 	    CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer);
 	    gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer);
 	    CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer);
+	    gr.nullSeedCompatLevel = SEED_COMPAT_LEVEL_LAST;  // libtpms added
 	}
     return;
 }
@@ -235,7 +236,7 @@ HierarchyGetPrimarySeedCompatLevel(
 	    return gp.EPSeedCompatLevel;
 	    break;
 	  case TPM_RH_NULL:
-	    return SEED_COMPAT_LEVEL_LAST;
+	    return gr.nullSeedCompatLevel;
 	  default:
 	    FAIL(FATAL_ERROR_INTERNAL);
 	    break;
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 653ef1a..5c1955b 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1235,7 +1235,7 @@ skip_future_versions:
 }

 #define STATE_RESET_DATA_MAGIC  0x01102332
-#define STATE_RESET_DATA_VERSION 2
+#define STATE_RESET_DATA_VERSION 3

 TPM_RC
 STATE_RESET_DATA_Unmarshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
@@ -1326,11 +1326,21 @@ STATE_RESET_DATA_Unmarshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
 #endif
 skip_alg_ecc:

+    /* default values before conditional block */
+    data->nullSeedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+
     /* version 2 starts having indicator for next versions that we can skip;
        this allows us to downgrade state */
     if (rc == TPM_RC_SUCCESS && hdr.version >= 2) {
-        BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+        BLOCK_SKIP_READ(skip_future_versions, hdr.version >= 3, buffer, size,
                         "STATE_RESET_DATA", "version 3 or later");
+        if (rc == TPM_RC_SUCCESS) {
+            rc = SEED_COMPAT_LEVEL_Unmarshal(&gr.nullSeedCompatLevel,
+                                             buffer, size, "nullSeed");
+        }
+
+        BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+                        "STATE_RESET_DATA", "version 4 or later");
         /* future versions nest-append here */
     }

@@ -1349,7 +1359,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)

     written = NV_HEADER_Marshal(buffer, size,
                                 STATE_RESET_DATA_VERSION,
-                                STATE_RESET_DATA_MAGIC, 1);
+                                STATE_RESET_DATA_MAGIC, 3);
     written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
     written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
     written += UINT32_Marshal(&data->clearCount, buffer, size);
@@ -1383,9 +1393,14 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
 #endif
     BLOCK_SKIP_WRITE_POP(size);

+    written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
+    written += SEED_COMPAT_LEVEL_Marshal(&data->nullSeedCompatLevel,
+                                         buffer, size);
+
     written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
     /* future versions append below this line */

+    BLOCK_SKIP_WRITE_POP(size);
     BLOCK_SKIP_WRITE_POP(size);

     BLOCK_SKIP_WRITE_CHECK;
--
2.21.0.windows.1