From: Yann Diorcet Date: Thu, 23 Oct 2025 12:02:50 +0000 (+0200) Subject: tss2: Always init out buffer before calling tpm2_submit_command_real() X-Git-Tag: grub-2.14-rc1~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4129e9ad6feef6c609214ee30d6839740629039d;p=thirdparty%2Fgrub.git tss2: Always init out buffer before calling tpm2_submit_command_real() When tpm2_submit_command_real() is called for a retry, the content of out buffer can already be set with previous tpm2_submit_command_real() call's reply. Add a call to grub_tpm2_buffer_init() before tpm2_submit_command_real(). This solves the issues occurring during TPM_CC_Load command on the integrated TPM 2.0 in Intel Elkhart Lake chip. Signed-off-by: Yann Diorcet Reviewed-by: Daniel Kiper --- diff --git a/grub-core/lib/tss2/tpm2_cmd.c b/grub-core/lib/tss2/tpm2_cmd.c index b682eb431..c6996cac8 100644 --- a/grub-core/lib/tss2/tpm2_cmd.c +++ b/grub-core/lib/tss2/tpm2_cmd.c @@ -89,6 +89,7 @@ tpm2_submit_command (const TPMI_ST_COMMAND_TAG_t tag, /* Catch TPM_RC_RETRY and send the command again */ do { + grub_tpm2_buffer_init (out); err = tpm2_submit_command_real (tag, commandCode, responseCode, in, out); if (*responseCode != TPM_RC_RETRY) break; @@ -167,7 +168,6 @@ grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_CreatePrimary, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -250,7 +250,6 @@ grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_StartAuthSession, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) @@ -308,7 +307,6 @@ grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySessions, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_PolicyPCR, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -347,7 +345,6 @@ grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_ReadPublic, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -408,7 +405,6 @@ grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_Load, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -475,7 +471,6 @@ grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_LoadExternal, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -527,7 +522,6 @@ grub_tpm2_unseal (const TPMI_DH_OBJECT_t itemHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_Unseal, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -561,7 +555,6 @@ grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle) return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (TPM_ST_NO_SESSIONS, TPM_CC_FlushContext, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -609,7 +602,6 @@ grub_tpm2_pcr_event (const TPMI_DH_PCR_t pcrHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (TPM_ST_SESSIONS, TPM_CC_PCR_Event, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -666,7 +658,6 @@ grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_PCR_Read, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -719,7 +710,6 @@ grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_PolicyGetDigest, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -802,7 +792,6 @@ grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_Create, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -856,7 +845,6 @@ grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_EvictControl, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -922,7 +910,6 @@ grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_Hash, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -981,7 +968,6 @@ grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_VerifySignature, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1041,7 +1027,6 @@ grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_PolicyAuthorize, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1082,7 +1067,6 @@ grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_TestParms, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) @@ -1126,7 +1110,6 @@ grub_tpm2_nv_definespace (const TPMI_RH_PROVISION_t authHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_NV_DefineSpace, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1161,7 +1144,6 @@ grub_tpm2_nv_undefinespace (const TPMI_RH_PROVISION_t authHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_NV_UndefineSpace, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1197,7 +1179,6 @@ grub_tpm2_nv_readpublic (const TPMI_RH_NV_INDEX_t nvIndex, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_NV_ReadPublic, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1242,7 +1223,6 @@ grub_tpm2_nv_read (const TPMI_RH_NV_AUTH_t authHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_NV_Read, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc; @@ -1284,7 +1264,6 @@ grub_tpm2_nv_write (const TPMI_RH_NV_AUTH_t authHandle, return TPM_RC_FAILURE; /* Submit */ - grub_tpm2_buffer_init (&out); rc = tpm2_submit_command (tag, TPM_CC_NV_Write, &responseCode, &in, &out); if (rc != TPM_RC_SUCCESS) return rc;