2 comments:
Patch Set #2, Line 9: The hash algorithm for VBOOTs BOOT_MODE is fixed to sha1 but TCPA log
I don't think this is the case any more. Does the coreboot. […]
No, TCPA log uses fixed SHA2 while vb2api_get_pcr_digest() returns a size of 20 bytes for the digest_type.
Patch Set #2, Line 13: BOOT_MODE.
I'm confused. […]
Have a look at 3rdparty/vboot/firmware/2lib/2api.c:
vb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx,
enum vb2_pcr_digest which_digest,
uint8_t *dest,
uint32_t *dest_size)
{
const uint8_t *digest;
uint32_t digest_size;
switch (which_digest) {
case BOOT_MODE_PCR:
digest = vb2_get_boot_state_digest(ctx);
digest_size = VB2_SHA1_DIGEST_SIZE;
break;
case HWID_DIGEST_PCR:
digest = vb2_get_gbb(ctx)->hwid_digest;
digest_size = VB2_GBB_HWID_DIGEST_SIZE;
break;
default:
return VB2_ERROR_API_PCR_DIGEST;
}
For BOOT_MODE_PCR, digest size is set to VB2_SHA1_DIGEST_SIZE which is defined in 3rdparty/vboot/firmware/2lib/include/2sha.h as
#define VB2_SHA1_DIGEST_SIZE 20
So it still uses SHA1 for BOOT_MODE_PCR.
My current vboot commit is e6700f4c70fe72850ae4f3f5df19c9281ebcefc8
To view, visit change 35645. To unsubscribe, or for help writing mail filters, visit settings.