tpm2: change the default pcr bank of tpm2 to sha256

euler inclusion
category: feature/tpm
bugzilla: 3007
CVE: NA

-------------------------------------------------

Sha1 is not safe enough to for the trust computing environment, so
change the default pcr bank of tpm2 to sha256 to harden the system.

------
kABI: symbol evm_verifyxattr changed crc from 0x1efaed40 to 0x465083df
kABI Warning: kABI breakage!
------
Signed-off-by: NLi Kun <hw.likun@huawei.com>
Signed-off-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NHui Wang <john.wanghui@huawei.com>
Signed-off-by: NZhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: NZhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: NMao Wenan <maowenan@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>

drivers/char/tpm/tpm2-cmd.c

@@ -200,7 +200,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
 	pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
 
 	tpm_buf_append_u32(&buf, 1);
-	tpm_buf_append_u16(&buf, TPM2_ALG_SHA1);
+	tpm_buf_append_u16(&buf, TPM2_ALG_SHA256);
 	tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
 	tpm_buf_append(&buf, (const unsigned char *)pcr_select,
 		       sizeof(pcr_select));
@@ -209,7 +209,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
 			res_buf ? "attempting to read a pcr value" : NULL);
 	if (rc == 0 && res_buf) {
 		out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
-		memcpy(res_buf, out->digest, SHA1_DIGEST_SIZE);
+		memcpy(res_buf, out->digest, SHA256_DIGEST_SIZE);
 	}
 
 	tpm_buf_destroy(&buf);

security/integrity/integrity.h

@@ -79,7 +79,7 @@ enum evm_ima_xattr_type {
 
 struct evm_ima_xattr_data {
 	u8 type;
-	u8 digest[SHA1_DIGEST_SIZE];
+	u8 digest[SHA256_DIGEST_SIZE];
 } __packed;
 
 #define IMA_MAX_DIGEST_SIZE	64