Andrey Pronin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35645 )
Change subject: vboot: Fix wrong algorithm in TCPA log for BOOT_MODE
......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/35645/2//COMMIT_MSG
Commit Message:
https://review.coreboot.org/c/coreboot/+/35645/2//COMMIT_MSG@13
PS2, Line 13: BOOT_MODE.
The TCPA log should always log the thing that was actually sent to the TPM, and the algorithm in the log should match the actual TPM bank it was written to. So SHA256 for this.
I support this approach for TPM2.0. It looks, though, like with always-SHA256 we break the TPM1.2 case. There, the TCPA log should contain SHA1 (there are no banks, and what we extend is a 20-byte SHA1 digest).
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia25938ac5f6c29f60a4819023b99f7796849f574
Gerrit-Change-Number: 35645
Gerrit-PatchSet: 2
Gerrit-Owner: Werner Zeh
werner.zeh@siemens.com
Gerrit-Reviewer: Aaron Durbin
adurbin@chromium.org
Gerrit-Reviewer: Andrey Pronin
apronin@chromium.org
Gerrit-Reviewer: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: Werner Zeh
werner.zeh@siemens.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Andrey Pronin
apronin@google.com
Gerrit-CC: Joel Kitching
kitching@google.com
Gerrit-Comment-Date: Sat, 28 Sep 2019 02:26:09 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Werner Zeh
werner.zeh@siemens.com
Comment-In-Reply-To: Aaron Durbin
adurbin@chromium.org
Comment-In-Reply-To: Julius Werner
jwerner@chromium.org
Comment-In-Reply-To: Andrey Pronin
apronin@google.com
Gerrit-MessageType: comment
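
The consistency rule discussed in this comment, as an added example that is not part of the review or of coreboot's code: a verifier replaying a measurement log can only reproduce the PCR value if each entry's algorithm and digest length match what was actually extended. The entry layout, function names, PCR index and sample digests are constructed for illustration.

```python
import hashlib

# Hash per TPM family, following the comment above: TPM1.2 has no banks and
# extends a 20-byte SHA1 digest; for TPM2.0 the change uses the SHA256 bank.
FAMILY_ALG = {"1.2": "sha1", "2.0": "sha256"}


def extend(alg, pcr, digest):
    """PCR extend operation: new value = H(old value || digest)."""
    return hashlib.new(alg, pcr + digest).digest()


def replay(family, log, pcr_index):
    """Recompute one PCR from the log (hypothetical entry layout).

    Raises ValueError when an entry's algorithm or digest length does not
    match what this TPM family would actually have been sent.
    """
    alg = FAMILY_ALG[family]
    size = hashlib.new(alg).digest_size
    pcr = bytes(size)  # PCR starts as all zeros
    for entry in log:
        if entry["pcr"] != pcr_index:
            continue
        if entry["alg"] != alg or len(entry["digest"]) != size:
            raise ValueError(
                f"{entry['name']}: log says {entry['alg']} "
                f"({len(entry['digest'])} bytes), TPM {family} uses {alg}")
        pcr = extend(alg, pcr, entry["digest"])
    return pcr


def sample_log(alg):
    """Constructed log with two entries on a constructed PCR index 0."""
    names = ("BOOT_MODE", "constructed-entry")
    return [{"pcr": 0, "name": n, "alg": alg,
             "digest": hashlib.new(alg, n.encode()).digest()} for n in names]


if __name__ == "__main__":
    print(replay("2.0", sample_log("sha256"), 0).hex())
    print(replay("1.2", sample_log("sha1"), 0).hex())
    try:
        replay("1.2", sample_log("sha256"), 0)  # always-SHA256 log on TPM1.2
    except ValueError as err:
        print("rejected:", err)
```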