Issue #421 has been updated by Julius Werner.

> It would actually simplify the API by making parameter lists shorter and 
> input data better grouped.

Having to construct a separate parameter struct rather than just throwing in 
two scalars is not "simpler".

> `skiboot` writes both SHA1 and SHA256 hashes to TPM2 log. I didn't count it 
> as a use case because so far we were using TPM1.2, but it does show existence 
> of logs with multiple hashes in the wild.

I don't know what skiboot is... is that coreboot? Do they have a real use case 
for having both hashes in the log or is it just another bootloader where 
someone decided "might as well write all the hashes in advance just because the 
spec technically allows for it"?

My question is: is there any user of coreboot right now who would actually turn 
on multiple hashes for production purposes because otherwise something they 
need doesn't work for them?

----------------------------------------
Cleanup #421: Change API of functions taking hash as an argument
https://ticket.coreboot.org/issues/421#change-1209

* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
----------------------------------------
All existing functions that take a digest as an input assume that only one 
hashing algorithm is used at a time. A crypto agile format entry can (and should) 
log every used PCR bank in one entry for a given measurement. To make it work, 
some of the arguments must be changed, e.g.:

- pass number of algorithms used;
- instead of algorithm ID, pass a pointer to array of such IDs, with size equal 
to above;
- instead of hash, pass a pointer to array of hashes, with size and order as 
above.
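
An added illustration, not part of the original issue and not coreboot code: a C sketch of the three proposed parameters (count, array of algorithm IDs, array of hashes) feeding one TCG_PCR_EVENT2-style crypto agile log entry. The name `log_event2`, its signature and the buffer handling are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* TPM 2.0 algorithm IDs for the two banks discussed in the thread. */
#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B

static size_t digest_size(uint16_t alg)
{
	switch (alg) {
	case TPM_ALG_SHA1:   return 20;
	case TPM_ALG_SHA256: return 32;
	default:             return 0; /* unknown bank: refuse to log */
	}
}

/* Store the low n bytes of v little-endian, as the TPM2 event log expects. */
static uint8_t *put_le(uint8_t *p, uint32_t v, size_t n)
{
	for (size_t i = 0; i < n; i++)
		*p++ = (uint8_t)(v >> (8 * i));
	return p;
}

/* Hypothetical helper (not coreboot's API). Returns bytes written, 0 on error. */
size_t log_event2(uint8_t *buf, size_t len, uint32_t pcr, uint32_t type,
		  uint32_t num_algs, const uint16_t *algs,
		  const uint8_t *const *hashes, const void *event, uint32_t event_size)
{
	if (num_algs == 0 || len < 16 || event_size > len - 16)
		return 0;
	size_t need = 16 + (size_t)event_size; /* pcr, type, count, eventSize */
	for (uint32_t i = 0; i < num_algs; i++) {
		size_t ds = digest_size(algs[i]);
		if (ds == 0 || need + 2 + ds > len)
			return 0; /* validate every bank before writing anything */
		need += 2 + ds;
	}
	uint8_t *p = put_le(put_le(put_le(buf, pcr, 4), type, 4), num_algs, 4);
	for (uint32_t i = 0; i < num_algs; i++) {
		p = put_le(p, algs[i], 2); /* algorithm ID, then its digest */
		memcpy(p, hashes[i], digest_size(algs[i]));
		p += digest_size(algs[i]);
	}
	p = put_le(p, event_size, 4);
	if (event_size)
		memcpy(p, event, event_size);
	return need;
}
```

With a single algorithm the same call produces a one-digest entry, so the array form also covers the existing single-hash case.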


