Change in coreboot[master]: tpm2: use pcr0 dependent nvram space policy definitions - coreboot-gerrit

2 Aug 2019


      Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/15635 )
Change subject: tpm2: use pcr0 dependent nvram space policy definitions
......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/15635/2/src/lib/tpm2_tlcl.c 
File src/lib/tpm2_tlcl.c:
https://review.coreboot.org/c/coreboot/+/15635/2/src/lib/tpm2_tlcl.c@259 
PS2, Line 259: 	static const uint8_t pcr0_unchanged_policy[] = {
I want to use tlcl_define_space in my code and done some tests.
I used
`tpm2_policypcr -S session.dat -L "sha256:0" -F pcr.dat`
that generates a digest that looks similar:
policy-digest: 0x09 3C EB 41 18 1D 47 80 88 62 D7 94 62 68 EE 6A 17 A1 0E 3D 1B 79 B3 23 51 BC 56 E4 BE AC EF F0
For me it looks like the parser that was used to generate pcr0_unchanged_policy "shifted" the digest by 4 bit instead of 8.
Are you sure the digest in coreboot is correct?
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/15635
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I889b2c4c4831ae01c093f33c09b4d98a11d758da
Gerrit-Change-Number: 15635
Gerrit-PatchSet: 2
Gerrit-Owner: Martin Roth martinroth@google.com
Gerrit-Reviewer: Furquan Shaikh furquan@google.com
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-Reviewer: Vadim Bendebury vbendeb@chromium.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Comment-Date: Fri, 02 Aug 2019 08:28:51 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment