Secureboot: Enhanced Nomdecomm: Quote Fix

PCR8 was erroneously being included in the quote response from the TPM. We don't actually want to read out PCR8 in hostboot firmware. This change excludes PCR8 from the quote process. Change-Id: Ib2ace53b157b64b6a5dac392b0304b31765d7afb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/74895 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Mar 26, 2019 · c7534ed · c7534ed
1 parent f6ddb6d
commit c7534ed
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C
@@ -1465,7 +1465,7 @@ errlHndl_t tpmCmdGenerateQuote(TpmTarget* i_target,
     memset(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect, 0,
            sizeof(l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect));
 
-    for(size_t i = PCR_0; i <= FW_USED_PCR_COUNT; ++i)
+    for(size_t i = PCR_0; i < FW_USED_PCR_COUNT; ++i)
     {
         l_cmd->quoteData.pcrSelection.pcrSelections[0].pcrSelect[i/8] |=
             0x01 << (i % 8);