stub: remove TPM 1 support

TPM 1 will not be supported by newer systemd versions and is not widely available anyways.
nix-community · Sep 14, 2023 · 3dab553 · 3dab553
1 parent 45b529c
commit 3dab553
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 53 deletions.
diff --git a/rust/uefi/Cargo.lock b/rust/uefi/Cargo.lock
diff --git a/rust/uefi/linux-bootloader/Cargo.toml b/rust/uefi/linux-bootloader/Cargo.toml
@@ -19,8 +19,5 @@ bitflags = "2.3.3"
 # Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
 log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
 
-# SHA1 for TPM TCG interface version 1.
-sha1_smol = "1.0.0"
-
 [badges]
 maintenance = { status = "actively-developed" }
diff --git a/rust/uefi/linux-bootloader/src/tpm.rs b/rust/uefi/linux-bootloader/src/tpm.rs
@@ -3,10 +3,7 @@ use core::mem::{self, MaybeUninit};
 use log::warn;
 use uefi::{
     prelude::BootServices,
-    proto::tcg::{
-        v1::{self, Sha1Digest},
-        v2, EventType, PcrIndex,
-    },
+    proto::tcg::{v2, EventType, PcrIndex},
     table::boot::ScopedProtocol,
 };
 
@@ -32,24 +29,8 @@ fn open_capable_tpm2(boot_services: &BootServices) -> uefi::Result<ScopedProtoco
     Ok(tpm_protocol)
 }
 
-fn open_capable_tpm1(boot_services: &BootServices) -> uefi::Result<ScopedProtocol<v1::Tcg>> {
-    let tpm_handle = boot_services.get_handle_for_protocol::<v1::Tcg>()?;
-    let mut tpm_protocol = boot_services.open_protocol_exclusive::<v1::Tcg>(tpm_handle)?;
-
-    let status_check = tpm_protocol.status_check()?;
-
-    if status_check.protocol_capability.tpm_deactivated()
-        || !status_check.protocol_capability.tpm_present()
-    {
-        warn!("Capability `TPM present` is not there or `TPM deactivated` is there for the existing TPM TCGv1 protocol");
-        return Err(uefi::Status::UNSUPPORTED.into());
-    }
-
-    Ok(tpm_protocol)
-}
-
 pub fn tpm_available(boot_services: &BootServices) -> bool {
-    open_capable_tpm2(boot_services).is_ok() || open_capable_tpm1(boot_services).is_ok()
+    open_capable_tpm2(boot_services).is_ok()
 }
 
 /// Log an event in the TPM with `buffer` as data.
@@ -78,28 +59,6 @@ pub fn tpm_log_event_ascii(
         )?;
         // FIXME: what do we want as flags here?
         tpm2.hash_log_extend_event(Default::default(), buffer, event)?;
-    } else if let Ok(mut tpm1) = open_capable_tpm1(boot_services) {
-        let required_size = mem::size_of::<PcrIndex>()
-            + mem::size_of::<EventType>()
-            + mem::size_of::<Sha1Digest>()
-            + mem::size_of::<u32>()
-            + description.len();
-
-        let mut event_buffer = vec![MaybeUninit::<u8>::uninit(); required_size];
-
-        // Compute sha1 of the event data
-        let mut m = sha1_smol::Sha1::new();
-        m.update(description.as_bytes());
-
-        let event = v1::PcrEvent::new_in_buffer(
-            event_buffer.as_mut_slice(),
-            pcr_index,
-            EventType::IPL,
-            m.digest().bytes(),
-            description.as_bytes(),
-        )?;
-
-        tpm1.hash_log_extend_event(event, Some(buffer))?;
     }
 
     Ok(true)