Issue #421 has been updated by Julius Werner.

> > Can you explain what use case you have that requires you to use multiple 
> > algorithms?
> 
> This allows for greater flexibility, where multiple coexisting programs may 
> have different expectations, e.g. one is old enough to not know anything but 
> SHA1, and another that considers SHA1 not secure enough.

Sorry, but that sounds kinda vague... I mean, do you actually have a case right 
now where you need this on one of the coreboot platforms you're building? And 
how is the algorithm supposed to get in there? Right now we just have a 
TPM_MEASURE_ALGO constant that's either SHA1 for TPM 1.2 or SHA256 for TPM 
2.0... are you planning to make a bunch of Kconfigs to select this instead or 
something?

Basically, I understand that the log format *allows* multiple algorithms, and 
that's fine. And I'm also not saying that we can never expand it to allow 
logging multiple algorithms if a real need comes up in the future. I'm just 
saying there's no need to make things any more complicated than they need to be 
right now and implement support for a bunch of stuff in the lower level APIs 
that the higher level APIs wouldn't actually be using yet. If your goal for the 
time being is just to support the new log format, why don't you just do that in 
a way where tpm_extend_pcr() always creates a log entry with exactly one 
algorithm? If we ever get to the point where we actually need to log multiple 
algorithms somewhere we can still expand that later.

----------------------------------------
Cleanup #421: Change API of functions taking hash as an argument
https://ticket.coreboot.org/issues/421#change-1195

* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
----------------------------------------
All existing functions that take a digest as an input assume that only one 
hashing algorithm is used at a time. Crypto agile format entry can (and should) 
log every used PCR bank in one entry for a given measurement. To make it work, 
some of the arguments must be changed, e.g.:

- pass number of algorithms used;
- instead of algorithm ID, pass a pointer to array of such IDs, with size equal 
to above;
- instead of hash, pass a pointer to array of hashes, with size and order as 
above.


