Issue #421 has been updated by Julius Werner.
However, instead of following existing standards, be it TCG or coreboot, such an approach creates yet another one. Having the ability to use more than one would make the transition to TPM 2.0 easier, if not a no-op. Since we are going to have to change event log generation code anyway, we want to do it properly, instead of putting another half-measure in place.
Sorry, I still get the impression that we have a fundamental misunderstanding here. The TCG does *not* dictate how many hashes need to be logged in the TCPA log! (Or does it? If I'm wrong about this please clarify the exact spec and section that defines what hash algorithms *must* be present in the log, because I am not aware of any such requirement.) The TCG defined a log format that *allows* an implementation to log one or more hashes of different algorithms for each measurement entry. What exact algorithms and how many of them to use is entirely up to the implementation.
So no, we would not be "putting another half-measure in place" that creates "yet another" standard. We would be switching to the exact TCG standard that you want (which I am generally not opposed to at all), we would use that exact format, and we would just *choose* to only log one hash for one algorithm in that data structure that is designed to hold one or more hashes depending on how the writer decides to fill it out. Because we don't have a use case for more than one hash. That's all I'm talking about.
----------------------------------------
Cleanup #421: Change API of functions taking hash as an argument
https://ticket.coreboot.org/issues/421#change-1220
* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
----------------------------------------
All existing functions that take a digest as an input assume that only one hashing algorithm is used at a time. A crypto-agile format entry can (and should) log every used PCR bank in one entry for a given measurement. To make it work, some of the arguments must be changed, e.g.:

- pass the number of algorithms used;
- instead of an algorithm ID, pass a pointer to an array of such IDs, with size equal to the above;
- instead of a hash, pass a pointer to an array of hashes, with size and order as above.