On Thu, Oct 21, 2021 at 09:24:55AM -0400, Stefan Berger wrote:
> 
> On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
> > Allows to compile OVMF without HashInstanceLibSha1,
> > i.e. no SHA1 hash support in TPM/TCG modules.
> 
> Does that then mean that the SHA1 bank in a TPM 2 stays untouched, meaning
> the PCRs there won't get extended even though the bank is there and active?

Not fully sure.  The tcg2 config menu looks like this:

[ ... ]
   TPM2 Active PCR Hash       SHA1, SHA256
   Algorithm
   TPM2 Hardware Supported    SHA1, SHA256, SHA384,
   Hash Algorithm             SHA512
   BIOS Supported Hash        SHA256, SHA384, SHA512
   Algorithm
[ ... ]
   TCG2 Protocol Configuration
   Supported Event Log Format TCG_2
   Hash Algorithm Bitmap      SHA256, SHA384, SHA512
   Number of PCR Banks        3
   Active PCR Banks           SHA256

     PCR Bank: SHA1           [ ]
     PCR Bank: SHA256         [X]
     PCR Bank: SHA384         [ ]
     PCR Bank: SHA512         [ ]
[ ... ]

Which looks correct to me (SHA1 bank present but not active).

take care,
  Gerd


