Lock PCR

Author: raoulstrackx

fortanix-vme/nsm/src/lib.rs

@@ -140,6 +140,17 @@ impl Nsm {
         };
         nsm_driver::nsm_process_request(self.0, req).try_into()
     }
+
+    pub fn lock_pcr(&mut self, idx_pcr: u16) -> Result<(), Error> {
+        let req = Request::LockPCR {
+            index: idx_pcr,
+        };
+        match nsm_driver::nsm_process_request(self.0, req) {
+            Response::LockPCR     => Ok(()),
+            Response::Error(code) => Err(code.into()),
+            _                     => Err(Error::InvalidResponse),
+        }
+    }
 }
 
 impl Drop for Nsm {

fortanix-vme/tests/nsm-test/src/main.rs

@@ -34,4 +34,8 @@ fn main() {
     println!("pcr16 = {:?}", pcr16);
     println!("pcr16 = {:?}", nsm.describe_pcr(16));
     assert_eq!(nsm.describe_pcr(16).unwrap().locked, false);
+
+    nsm.lock_pcr(16).unwrap();
+    println!("pcr16 = {:?}", nsm.describe_pcr(10));
+    assert_eq!(nsm.describe_pcr(16).unwrap().locked, true);
 }