Issue #421 has been updated by Sergii Dmytruk.
If there are no objections, I'll use an API like this instead:
```
struct tpm_digest {
	const uint8_t *hash;
	size_t len;
	enum vb2_hash_algorithm hash_type;
};

/**
 * Ask vboot for a digest and extend a TPM PCR with it.
 * @param pcr sets the pcr index
 * @param digests An array of digests terminated by an entry with VB2_HASH_NONE
 * @param name sets additional info where the digest comes from
 * @return TPM_SUCCESS on success. If not a tpm error is returned
 */
uint32_t tpm_extend_pcr(int pcr, const struct tpm_digest *digests, const char *name);
```

Passing in length and arrays which must be kept in sync seems to make things needlessly complicated.
----------------------------------------
Cleanup #421: Change API of functions taking hash as an argument
https://ticket.coreboot.org/issues/421#change-1182

* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
----------------------------------------
All existing functions that take a digest as an input assume that only one hashing algorithm is used at a time. Crypto agile format entry can (and should) log every used PCR bank in one entry for a given measurement. To make it work, some of the arguments must be changed, e.g.:
- pass number of algorithms used;
- instead of algorithm ID, pass a pointer to array of such IDs, with size equal to above;
- instead of hash, pass a pointer to array of hashes, with size and order as above.
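
An added example, not part of the ticket and not coreboot or vboot code: a check a callee could run over the `VB2_HASH_NONE`-terminated `struct tpm_digest` array proposed above before extending a PCR, so that a wrong length or a missing terminator is rejected instead of read past. The helper `tpm_digests_validate`, the `MAX_DIGESTS` cap and the local enum values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins with assumed values, so this builds without vboot headers. */
enum vb2_hash_algorithm { VB2_HASH_NONE = 0, VB2_HASH_SHA1, VB2_HASH_SHA256, VB2_HASH_SHA512 };
struct tpm_digest { const uint8_t *hash; size_t len; enum vb2_hash_algorithm hash_type; };
#define MAX_DIGESTS 8 /* hypothetical cap on how far an unterminated list is walked */

/* Expected digest size in bytes; 0 for an algorithm this example does not know. */
static size_t digest_size(enum vb2_hash_algorithm alg)
{
	switch (alg) {
	case VB2_HASH_SHA1:   return 20;
	case VB2_HASH_SHA256: return 32;
	case VB2_HASH_SHA512: return 64;
	default:              return 0;
	}
}

/* Hypothetical helper: number of digests before the terminator, or -1 if malformed. */
int tpm_digests_validate(const struct tpm_digest *digests)
{
	unsigned int seen = 0; /* bitmask of hash_type values already present */
	if (!digests)
		return -1;
	for (int n = 0; n < MAX_DIGESTS; n++) {
		const struct tpm_digest *d = &digests[n];
		if (d->hash_type == VB2_HASH_NONE)
			return n; /* terminator reached */
		size_t want = digest_size(d->hash_type);
		if (!want || !d->hash || d->len != want)
			return -1; /* unknown algorithm, NULL buffer or wrong length */
		if (seen & (1u << d->hash_type))
			return -1; /* same PCR bank listed twice */
		seen |= 1u << d->hash_type;
	}
	return -1; /* no terminator within MAX_DIGESTS entries */
}

/* Constructed sample data (all-zero buffers, not real measurements). */
static const uint8_t sha1_buf[20] = {0}, sha256_buf[32] = {0};
const struct tpm_digest good_list[] = {
	{ sha1_buf, sizeof(sha1_buf), VB2_HASH_SHA1 },
	{ sha256_buf, sizeof(sha256_buf), VB2_HASH_SHA256 },
	{ NULL, 0, VB2_HASH_NONE },
};
/* Malformed: a SHA-256 entry that points at a 20-byte buffer. */
const struct tpm_digest short_list[] = { { sha1_buf, 20, VB2_HASH_SHA256 }, { NULL, 0, VB2_HASH_NONE } };
```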