On Wed, Aug 31, 2011 at 03:45:45PM -0400, Stefan Berger wrote:
This patch implements the TCG BIOS interrupt handler 1ah. It is for example used by trusted grub.
This patch adds an implementation of SHA1 (following NIST specs., IETF RFC 3147 and Wikipedia) for speeding up measurements of code. Trusted Grub for example makes use of this interface and measures (calculates SHA1) of the Linux kernel and initrd. Those files can be rather large and hunting their bytes through the TIS interface as part of the int handler commands invoked by trusted grub does take quite some time due to the many vmexits the interface is creating (one per byte).
There is also a threshold for the size of data to hash (100k) below which the TPM is used and above the internal faster SHA1 algorithm is used.
A question: Is there a reason for not reusing the SHA1 implementation from other libraries, like OpenSSL?
I've got a couple of cryptographic device models on my end (some of them that I may contribute at some point) that will need the various SHA hashes and other ciphers.
In my case, there might be tons of data beeing hashed and when available, it would be nice to be able to use cryptographic hw acceleration which may be provided by OpenSSL engines. Or even, just heavily optimized assembly versions of them.