From 38de680e582b36d4605b05d3b2c67a3c0c458bfb Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Wed, 26 May 2021 21:01:00 +0300 Subject: [PATCH 1/4] efi_loader: Fix coverity warnings for efi tcg2 protocol Coverity reported 3 warnings on the current code. CID 331856, 331855, 331854 on the latest scan. Fix the rest of the warnings by initializing the variables before passing them to tpm2_get_pcr_info(). In order to avoid future warnings and errors initialize them to 0 within the function as well, since the values are always OR'ed after querying the hardware. Signed-off-by: Ilias Apalodimas --- lib/efi_loader/efi_tcg2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 39074f7547..ee743f5951 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -403,6 +403,9 @@ static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, size_t i; int tpm_ret; + *supported_pcr = 0; + *active_pcr = 0; + *pcr_banks = 0; memset(response, 0, sizeof(response)); ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); if (ret) @@ -481,7 +484,7 @@ out: static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks) { struct udevice *dev; - u32 active, supported, pcr_banks; + u32 active = 0, supported = 0, pcr_banks = 0; efi_status_t ret; int err; @@ -900,7 +903,7 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer, struct tcg_efi_spec_id_event *spec_event; size_t spec_event_size; efi_status_t ret = EFI_DEVICE_ERROR; - u32 active, supported; + u32 active = 0, supported = 0; int err; size_t i; From ec0512b173bfe45bc6dc03dfcff40fec419239bb Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Mon, 24 May 2021 14:28:56 -0500 Subject: [PATCH 2/4] Revert "lib: introduce HASH_CALCULATE option" When we think of Kconfig, we usually think of features that we like to enable or not. Ideally, we wouldn't use Kconfig to fix a build issue, although sometimes it might make sense. With Kconfig it's hard to guarantee that the fix is universal. We can only say that it works for the set of tested configurations. In the majority of cases, it's preferable to let the linker figure things out for us. The reverted commit attempted to fix a build issue by adding an invisible Kconfig option. This is wrong in several ways: It invents a new Kconfig variable when CONFIG_HASH already exists for the same purpose. Second, hash-checksum.c makes use of the hash_progressive_lookup_algo() symbol, which is only provided with CONFIG_HASH, but this dependency was not expressed in the reverted patch. It feels like Kconfig is turning into a listing of all available source files, and a buffet to 'select' which ones to compile. The purpose of this revert is to enable the next change to make use of CONFIG_HASH instead of adding to Kconfig. This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade. Signed-off-by: Alexandru Gagniuc Acked-by: Masahisa Kojima --- common/Kconfig.boot | 1 - lib/Kconfig | 3 --- lib/Makefile | 2 +- lib/efi_loader/Kconfig | 2 -- 4 files changed, 1 insertion(+), 7 deletions(-) diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 3c6e77d099..89a3161f1f 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -80,7 +80,6 @@ config FIT_SIGNATURE select RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK - select HASH_CALCULATE help This option enables signature verification of FIT uImages, using a hash signed and verified using RSA. If diff --git a/lib/Kconfig b/lib/Kconfig index d675ab1d82..15019d2c65 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -439,9 +439,6 @@ config CRC32C config XXHASH bool -config HASH_CALCULATE - bool - endmenu menu "Compression Support" diff --git a/lib/Makefile b/lib/Makefile index 0835ea292c..6825671955 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,7 +61,7 @@ endif obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ -obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o +obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512_ALGO) += sha512.o diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 98845b8ba3..ecbc0c9410 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -174,7 +174,6 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select IMAGE_SIGN_INFO - select HASH_CALCULATE select EFI_SIGNATURE_SUPPORT default n help @@ -344,7 +343,6 @@ config EFI_SECURE_BOOT select X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY - select HASH_CALCULATE select EFI_SIGNATURE_SUPPORT default n help From 464010b0be09505aaf50ec208f996a6cf478a2dc Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Mon, 24 May 2021 14:28:57 -0500 Subject: [PATCH 3/4] efi_loader: Work-around build issue due to missing hash_calculate() The hash_calculate() symbol is provided by hash-checksum.c. It depends on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y. The issue is that hash_calculate() is used by the efi_loader, irregardless of CONFIG_FIT_SIGNATURE. As pointed out in commit 87316da05f2f ("lib: introduce HASH_CALCULATE option"), enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect. To resolve this, use CONFIG_HASH as the compile switch for hash-checksum.c. This ensures that all dependencies are compiled, and is the most natural Kconfig to use. There is the issue of having to 'select HASH' in a couple of places that already 'select SHA256'. This is a deeper problem with how hashes are organized, and fixing it is beyonf the scope of this change. Signed-off-by: Alexandru Gagniuc Acked-by: Masahisa Kojima --- lib/Makefile | 2 +- lib/efi_loader/Kconfig | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/Makefile b/lib/Makefile index 6825671955..b4795a62a0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,7 +61,7 @@ endif obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o +obj-$(CONFIG_HASH) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512_ALGO) += sha512.o diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index ecbc0c9410..a6f38d1385 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -166,6 +166,7 @@ config EFI_CAPSULE_AUTHENTICATE depends on EFI_CAPSULE_FIRMWARE depends on EFI_CAPSULE_ON_DISK depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT + select HASH select SHA256 select RSA select RSA_VERIFY @@ -334,6 +335,7 @@ config EFI_LOAD_FILE2_INITRD config EFI_SECURE_BOOT bool "Enable EFI secure boot support" depends on EFI_LOADER + select HASH select SHA256 select RSA select RSA_VERIFY_WITH_PKEY From 163a0d7e2cbdbdf26d90ac8d30c0495b814f3245 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Wed, 26 May 2021 12:09:58 +0900 Subject: [PATCH 4/4] efi_loader: add PE/COFF image measurement "TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Acked-by: Ilias Apalodimas Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima Replace CONFIG_HASH_CALCULATE by CONFIG_HASH Fix conversions between pointers and u64. Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- include/efi_loader.h | 6 + include/efi_tcg2.h | 9 ++ include/tpm-v2.h | 18 +++ lib/efi_loader/Kconfig | 1 + lib/efi_loader/efi_image_loader.c | 62 ++++++--- lib/efi_loader/efi_tcg2.c | 207 ++++++++++++++++++++++++++++-- 6 files changed, 277 insertions(+), 26 deletions(-) diff --git a/include/efi_loader.h b/include/efi_loader.h index 522696d635..0a9c82a257 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -426,6 +426,10 @@ efi_status_t efi_disk_register(void); efi_status_t efi_rng_register(void); /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */ efi_status_t efi_tcg2_register(void); +/* measure the pe-coff image, extend PCR and add Event Log */ +efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, + struct efi_loaded_image_obj *handle, + struct efi_loaded_image *loaded_image_info); /* Create handles and protocols for the partitions of a block device */ int efi_disk_create_partitions(efi_handle_t parent, struct blk_desc *desc, const char *if_typename, int diskid, @@ -886,6 +890,8 @@ bool efi_secure_boot_enabled(void); bool efi_capsule_auth_enabled(void); +void *efi_prepare_aligned_image(void *efi, u64 *efi_size); + bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, WIN_CERTIFICATE **auth, size_t *auth_len); diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 40e241ce31..bcfb98168a 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -9,6 +9,7 @@ #if !defined _EFI_TCG2_PROTOCOL_H_ #define _EFI_TCG2_PROTOCOL_H_ +#include #include #define EFI_TCG2_PROTOCOL_GUID \ @@ -53,6 +54,14 @@ struct efi_tcg2_event { u8 event[]; } __packed; +struct uefi_image_load_event { + efi_physical_addr_t image_location_in_memory; + u64 image_length_in_memory; + u64 image_link_time_address; + u64 length_of_device_path; + struct efi_device_path device_path[]; +}; + struct efi_tcg2_boot_service_capability { u8 size; struct efi_tcg2_version structure_version; diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 7de7d6a57d..247b386967 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -70,6 +70,24 @@ struct udevice; #define EV_TABLE_OF_DEVICES ((u32)0x0000000B) #define EV_COMPACT_HASH ((u32)0x0000000C) +/* + * event types, cf. + * "TCG PC Client Platform Firmware Profile Specification", Family "2.0" + * rev 1.04, June 3, 2019 + */ +#define EV_EFI_EVENT_BASE ((u32)0x80000000) +#define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001) +#define EV_EFI_VARIABLE_BOOT ((u32)0x80000002) +#define EV_EFI_BOOT_SERVICES_APPLICATION ((u32)0x80000003) +#define EV_EFI_BOOT_SERVICES_DRIVER ((u32)0x80000004) +#define EV_EFI_RUNTIME_SERVICES_DRIVER ((u32)0x80000005) +#define EV_EFI_GPT_EVENT ((u32)0x80000006) +#define EV_EFI_ACTION ((u32)0x80000007) +#define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008) +#define EV_EFI_HANDOFF_TABLES ((u32)0x80000009) +#define EV_EFI_HCRTM_EVENT ((u32)0x80000010) +#define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0) + /* TPMS_TAGGED_PROPERTY Structure */ struct tpms_tagged_property { u32 property; diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index a6f38d1385..6242caceb7 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -309,6 +309,7 @@ config EFI_TCG2_PROTOCOL select SHA512_ALGO select SHA384 select SHA512 + select HASH help Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index fe1ee198e2..bcd57f7fcc 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -302,6 +302,38 @@ static int cmp_pe_section(const void *arg1, const void *arg2) return 1; } +/** + * efi_prepare_aligned_image() - prepare 8-byte aligned image + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * + * If @efi is not 8-byte aligned, this function newly allocates + * the image buffer. + * + * Return: valid pointer to a image, return NULL if allocation fails. + */ +void *efi_prepare_aligned_image(void *efi, u64 *efi_size) +{ + size_t new_efi_size; + void *new_efi; + + /* + * Size must be 8-byte aligned and the trailing bytes must be + * zero'ed. Otherwise hash value may be incorrect. + */ + if (!IS_ALIGNED(*efi_size, 8)) { + new_efi_size = ALIGN(*efi_size, 8); + new_efi = calloc(new_efi_size, 1); + if (!new_efi) + return NULL; + memcpy(new_efi, efi, *efi_size); + *efi_size = new_efi_size; + return new_efi; + } else { + return efi; + } +} + /** * efi_image_parse() - parse a PE image * @efi: Pointer to image @@ -561,7 +593,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) struct efi_signature_store *db = NULL, *dbx = NULL; void *new_efi = NULL; u8 *auth, *wincerts_end; - size_t new_efi_size, auth_size; + size_t auth_size; bool ret = false; EFI_PRINT("%s: Enter, %d\n", __func__, ret); @@ -569,21 +601,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) if (!efi_secure_boot_enabled()) return true; - /* - * Size must be 8-byte aligned and the trailing bytes must be - * zero'ed. Otherwise hash value may be incorrect. - */ - if (efi_size & 0x7) { - new_efi_size = (efi_size + 0x7) & ~0x7ULL; - new_efi = calloc(new_efi_size, 1); - if (!new_efi) - return false; - memcpy(new_efi, efi, efi_size); - efi = new_efi; - efi_size = new_efi_size; - } + new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size); + if (!new_efi) + return false; - if (!efi_image_parse(efi, efi_size, ®s, &wincerts, + if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts, &wincerts_len)) { EFI_PRINT("Parsing PE executable image failed\n"); goto err; @@ -725,7 +747,8 @@ err: efi_sigstore_free(dbx); pkcs7_free_message(msg); free(regs); - free(new_efi); + if (new_efi != efi) + free(new_efi); EFI_PRINT("%s: Exit, %d\n", __func__, ret); return ret; @@ -891,6 +914,13 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, goto err; } +#if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL) + /* Measure an PE/COFF image */ + if (tcg2_measure_pe_image(efi, efi_size, handle, + loaded_image_info)) + log_err("PE image measurement failed\n"); +#endif + /* Copy PE headers */ memcpy(efi_reloc, efi, sizeof(*dos) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index ee743f5951..1319a8b378 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -13,8 +13,10 @@ #include #include #include +#include #include #include +#include #include #include #include @@ -710,6 +712,183 @@ out: return EFI_EXIT(ret); } +/** + * tcg2_hash_pe_image() - calculate PE/COFF image hash + * + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * @digest_list: list of digest algorithms to extend + * + * Return: status code + */ +static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, + struct tpml_digest_values *digest_list) +{ + WIN_CERTIFICATE *wincerts = NULL; + size_t wincerts_len; + struct efi_image_regions *regs = NULL; + void *new_efi = NULL; + u8 hash[TPM2_SHA512_DIGEST_SIZE]; + efi_status_t ret; + u32 active; + int i; + + new_efi = efi_prepare_aligned_image(efi, &efi_size); + if (!new_efi) + return EFI_OUT_OF_RESOURCES; + + if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts, + &wincerts_len)) { + log_err("Parsing PE executable image failed\n"); + ret = EFI_UNSUPPORTED; + goto out; + } + + ret = __get_active_pcr_banks(&active); + if (ret != EFI_SUCCESS) { + goto out; + } + + digest_list->count = 0; + for (i = 0; i < MAX_HASH_COUNT; i++) { + u16 hash_alg = hash_algo_list[i].hash_alg; + + if (!(active & alg_to_mask(hash_alg))) + continue; + switch (hash_alg) { + case TPM2_ALG_SHA1: + hash_calculate("sha1", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA256: + hash_calculate("sha256", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA384: + hash_calculate("sha384", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA512: + hash_calculate("sha512", regs->reg, regs->num, hash); + break; + default: + EFI_PRINT("Unsupported algorithm %x\n", hash_alg); + return EFI_INVALID_PARAMETER; + } + digest_list->digests[i].hash_alg = hash_alg; + memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg)); + digest_list->count++; + } + +out: + if (new_efi != efi) + free(new_efi); + free(regs); + + return ret; +} + +/** + * tcg2_measure_pe_image() - measure PE/COFF image + * + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * @handle: loaded image handle + * @loaded_image: loaded image protocol + * + * Return: status code + */ +efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, + struct efi_loaded_image_obj *handle, + struct efi_loaded_image *loaded_image) +{ + struct tpml_digest_values digest_list; + efi_status_t ret; + struct udevice *dev; + u32 pcr_index, event_type, event_size; + struct uefi_image_load_event *image_load_event; + struct efi_device_path *device_path; + u32 device_path_length; + IMAGE_DOS_HEADER *dos; + IMAGE_NT_HEADERS32 *nt; + struct efi_handler *handler; + + ret = platform_get_tpm2_device(&dev); + if (ret != EFI_SUCCESS) + return ret; + + switch (handle->image_type) { + case IMAGE_SUBSYSTEM_EFI_APPLICATION: + pcr_index = 4; + event_type = EV_EFI_BOOT_SERVICES_APPLICATION; + break; + case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: + pcr_index = 2; + event_type = EV_EFI_BOOT_SERVICES_DRIVER; + break; + case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: + pcr_index = 2; + event_type = EV_EFI_RUNTIME_SERVICES_DRIVER; + break; + default: + return EFI_UNSUPPORTED; + } + + ret = tcg2_hash_pe_image(efi, efi_size, &digest_list); + if (ret != EFI_SUCCESS) + return ret; + + ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (ret != EFI_SUCCESS) + return ret; + + ret = EFI_CALL(efi_search_protocol(&handle->header, + &efi_guid_loaded_image_device_path, + &handler)); + if (ret != EFI_SUCCESS) + return ret; + + device_path = EFI_CALL(handler->protocol_interface); + device_path_length = efi_dp_size(device_path); + if (device_path_length > 0) { + /* add end node size */ + device_path_length += sizeof(struct efi_device_path); + } + event_size = sizeof(struct uefi_image_load_event) + device_path_length; + image_load_event = (struct uefi_image_load_event *)malloc(event_size); + if (!image_load_event) + return EFI_OUT_OF_RESOURCES; + + image_load_event->image_location_in_memory = (uintptr_t)efi; + image_load_event->image_length_in_memory = efi_size; + image_load_event->length_of_device_path = device_path_length; + + dos = (IMAGE_DOS_HEADER *)efi; + nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew); + if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) { + IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt; + + image_load_event->image_link_time_address = + nt64->OptionalHeader.ImageBase; + } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + image_load_event->image_link_time_address = + nt->OptionalHeader.ImageBase; + } else { + ret = EFI_INVALID_PARAMETER; + goto out; + } + + if (device_path_length > 0) { + memcpy(image_load_event->device_path, device_path, + device_path_length); + } + + ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list, + event_size, (u8 *)image_load_event); + +out: + free(image_load_event); + + return ret; +} + /** * efi_tcg2_hash_log_extend_event() - extend and optionally log events * @@ -761,24 +940,32 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, /* * if PE_COFF_IMAGE is set we need to make sure the image is not * corrupted, verify it and hash the PE/COFF image in accordance with - * the procedure specified in "Calculating the PE Image Hash" - * section of the "Windows Authenticode Portable Executable Signature + * the procedure specified in "Calculating the PE Image Hash" + * section of the "Windows Authenticode Portable Executable Signature * Format" - * Not supported for now */ if (flags & PE_COFF_IMAGE) { - ret = EFI_UNSUPPORTED; - goto out; + IMAGE_NT_HEADERS32 *nt; + + ret = efi_check_pe((void *)(uintptr_t)data_to_hash, + data_to_hash_len, (void **)&nt); + if (ret != EFI_SUCCESS) { + log_err("Not a valid PE-COFF file\n"); + goto out; + } + ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash, + data_to_hash_len, &digest_list); + } else { + ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash, + data_to_hash_len, &digest_list); } + if (ret != EFI_SUCCESS) + goto out; + pcr_index = efi_tcg_event->header.pcr_index; event_type = efi_tcg_event->header.event_type; - ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash, - data_to_hash_len, &digest_list); - if (ret != EFI_SUCCESS) - goto out; - ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); if (ret != EFI_SUCCESS) goto out;