On Thu, 2018-11-08 at 17:21 +0200, Jarkko Sakkinen wrote:

On Thu, Nov 08, 2018 at 07:20:51PM +0530, Nayna Jain wrote:

quoted

Based on a discussion with Ken, the count in the TPML_PCR_SELECTION returns
the number of possible algorithms supported. In the example below, two
possible algorithms - SHA1 and SHA256 - are returned.

# /usr/local/bin/tssgetcapability -cap 5
2 PCR selections
    hash TPM_ALG_SHA1
    TPMS_PCR_SELECTION length 3
    ff ff ff
    hash TPM_ALG_SHA256
    TPMS_PCR_SELECTION length 3
    00 00 00

The pcr_select fields - "ff ff ff" and "00 00 00" - are bit masks for the
enabled PCRs. The SHA1 bank is enabled for all PCRs (0-23), while the SHA256
bank is not enabled.

The current code works, but it unnecessarily extends some banks. Instead of
basing the number of active banks on the number of algorithms returned, it
should be based on the pcr_select field.

   - Mimi & Nayna

I would just allocate array of the size of possible banks and grow
nr_active_banks for active algorithms to keep the code simple because
we are talking about insignificant amount of wasted space (might be
even zero bytes given how kernel allocators works)>

That's fine.  Remember the memory is just one concern, but the other
concerns are the performance of calculating the unneeded hash and the
TPM performance of including it in the PCR extend.

Mimi