View Change
1 comment:
Commit Message:
Patch Set #2, Line 13: BOOT_MODE.
The TCPA log should always log the thing that was actually sent to the TPM, and the algorithm in the log should match the actual TPM bank it was written to. So SHA256 for this.
I support this approach for TPM2.0. It looks though that with always-SHA256 we break TPM1.2 case. There TCPA log should contain SHA1 (there are no banks, and what we extend is a 20-byte SHA1 digest).
To view, visit change 35645. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia25938ac5f6c29f60a4819023b99f7796849f574
Gerrit-Change-Number: 35645
Gerrit-PatchSet: 2
Gerrit-Owner: Werner Zeh <werner.zeh@siemens.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Andrey Pronin <apronin@chromium.org>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Andrey Pronin <apronin@google.com>
Gerrit-CC: Joel Kitching <kitching@google.com>
Gerrit-Comment-Date: Sat, 28 Sep 2019 02:26:09 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Werner Zeh <werner.zeh@siemens.com>
Comment-In-Reply-To: Aaron Durbin <adurbin@chromium.org>
Comment-In-Reply-To: Julius Werner <jwerner@chromium.org>
Comment-In-Reply-To: Andrey Pronin <apronin@google.com>
Gerrit-MessageType: comment