Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68747 )
Change subject: security/tpm: add TPM log format as per 1.2 spec
Patch Set 7:
(2 comments)
File src/commonlib/include/commonlib/tpm_log_defs.h:
https://review.coreboot.org/c/coreboot/+/68747/comment/62a629d7_6b2fabbf PS5, Line 1: /* SPDX-License-Identifier: GPL-2.0-only */
It should even be moved to bsd includes. Let's do it.
Done
File src/security/tpm/Kconfig:
https://review.coreboot.org/c/coreboot/+/68747/comment/88fc2410_a014ce4b PS5, Line 108: bool "TPM 1.2 format" Look at section 10.1 in https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_...:
PC Client firmware specifications for TPM 1.2 enabled platforms defined an event log that mandated the use of SHA1 to hash event data and extend the 20-byte digest into PCRs. This specification refers to this log format as the SHA1 log format. With TPM 2.0, PCRs may support other hashing algorithms besides SHA1. If Platform Firmware extends digests to PCRs using other hashing algorithms, an event in the event log has to contain all of the recorded digests. This specification refers to this log format as a crypto agile log format or just as the event log.
My impression is that it's allowed to use "SHA1 log" for TPM2 as well, as long as only the SHA1 hash is used. But this is an informational comment, and the formal part says:
Event log entries after the first entry SHALL be TCG_PCR_EVENT2 structures. See Section 10.2.2 TCG_PCR_EVENT2 Structure.
suggesting that it shouldn't be allowed.
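A small walker for the SHA1 log format discussed in this comment, added here as an example and not part of this change or of coreboot: it parses TCG_PCR_EVENT entries (pcrIndex, eventType, 20-byte SHA1 digest, eventSize, event data, as the 1.2 PC Client spec lays them out) and reports when the first entry is instead the EV_NO_ACTION "Spec ID Event03" header, which marks a crypto agile log whose later entries are TCG_PCR_EVENT2 structures and would need a different parser. The sample log it runs on is constructed with dummy digests; `put_event`, `walk_sha1_log` and the layout constants are this example's own names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* TCG_PCR_EVENT (the SHA1 log format): pcrIndex(4) eventType(4) digest(20)
 * eventSize(4) event[eventSize]; all integers little-endian. */
#define SHA1_DIGEST_SIZE 20
#define EV_NO_ACTION 0x03
#define PCR_EVENT_HDR (4 + 4 + SHA1_DIGEST_SIZE + 4)

static uint32_t rd32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
/* Appends one TCG_PCR_EVENT at buf+off and returns the new length. Only used to
 * build constructed sample logs; 'fill' stands in for a real SHA1 digest. */
size_t put_event(uint8_t *buf, size_t off, uint32_t pcr, uint32_t type,
		 uint8_t fill, const void *ev, uint32_t esz)
{
	wr32(buf + off, pcr);
	wr32(buf + off + 4, type);
	memset(buf + off + 8, fill, SHA1_DIGEST_SIZE);
	wr32(buf + off + 28, esz);
	memcpy(buf + off + PCR_EVENT_HDR, ev, esz);
	return off + PCR_EVENT_HDR + esz;
}

/* Walks a log assumed to be in SHA1 format and returns the entry count, or -1
 * if an entry runs past the buffer. A first entry that is the EV_NO_ACTION
 * "Spec ID Event03" header marks a crypto agile log whose later entries are
 * TCG_PCR_EVENT2 structures, so *crypto_agile is set and the walk stops there. */
int walk_sha1_log(const uint8_t *buf, size_t len, int *crypto_agile)
{
	size_t off = 0;
	int n = 0;
	*crypto_agile = 0;
	while (off + PCR_EVENT_HDR <= len) {
		uint32_t type = rd32(buf + off + 4);
		uint32_t esz = rd32(buf + off + 28);
		if (esz > len - off - PCR_EVENT_HDR)
			return -1;	/* eventSize claims more data than is left */
		if (n == 0 && type == EV_NO_ACTION && esz >= 16 &&
		    memcmp(buf + off + PCR_EVENT_HDR, "Spec ID Event03", 16) == 0) {
			*crypto_agile = 1;
			return 1;
		}
		n++;
		off += PCR_EVENT_HDR + esz;
	}
	return off == len ? n : -1;	/* trailing partial header is also an error */
}
```

The header check looks only at the 16-byte signature; a real Spec ID event carries the full TCG_EfiSpecIDEvent structure after it, which this walker does not interpret.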