sandbox: tpm: Correct handling of SANDBOX_TPM_PCR_NB

This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.

Fix these problems.

Signed-off-by: Simon Glass <sjg@chromium.org>

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index ed9c9a0..3c4bbcd 100644 (file)
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -642,15 +642,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
                for (i = 0; i < pcr_array_sz; i++)
                        pcr_map += (u64)sent[i] << (i * 8);
 
-               if (pcr_map >> SANDBOX_TPM_PCR_NB) {
-                       printf("Sandbox TPM handles up to %d PCR(s)\n",
-                              SANDBOX_TPM_PCR_NB);
-                       rc = TPM2_RC_VALUE;
-                       return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
-               }
-
                if (!pcr_map) {
-                       printf("Empty PCR map.\n");
+                       printf("Empty PCR map\n");
                        rc = TPM2_RC_VALUE;
                        return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
                }
@@ -659,6 +652,13 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
                        if (pcr_map & BIT(i))
                                pcr_index = i;
 
+               if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+                       printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+                              pcr_index, SANDBOX_TPM_PCR_NB);
+                       rc = TPM2_RC_VALUE;
+                       return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
+               }
+
                /* Write tag */
                put_unaligned_be16(tag, recv);
                recv += sizeof(tag);
@@ -692,9 +692,9 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
                pcr_index = get_unaligned_be32(sendbuf + sizeof(tag) +
                                               sizeof(length) +
                                               sizeof(command));
-               if (pcr_index > SANDBOX_TPM_PCR_NB) {
-                       printf("Sandbox TPM handles up to %d PCR(s)\n",
-                              SANDBOX_TPM_PCR_NB);
+               if (pcr_index >= SANDBOX_TPM_PCR_NB) {
+                       printf("Invalid index %d, sandbox TPM handles up to %d PCR(s)\n",
+                              pcr_index, SANDBOX_TPM_PCR_NB);
                        rc = TPM2_RC_VALUE;
                }