On Thu, Oct 21, 2021 at 09:24:55AM -0400, Stefan Berger wrote: > > On 10/21/21 8:20 AM, Gerd Hoffmann wrote: > > Allows to compile OVMF without HashInstanceLibSha1, > > i.e. no SHA1 hash support in TPM/TCG modules. > > Does that then mean that the SHA1 bank in a TPM 2 stays untouched, meaning > the PCRs there won't get extended even though the bank is there and active?
Not fully sure. The tcg2 config menu looks like this: [ ... ] TPM2 Active PCR Hash SHA1, SHA256 Algorithm TPM2 Hardware Supported SHA1, SHA256, SHA384, Hash Algorithm SHA512 BIOS Supported Hash SHA256, SHA384, SHA512 Algorithm [ ... ] TCG2 Protocol Configuration Supported Event Log Format TCG_2 Hash Algorithm Bitmap SHA256, SHA384, SHA512 Number of PCR Banks 3 Active PCR Banks SHA256 PCR Bank: SHA1 [ ] PCR Bank: SHA256 [X] PCR Bank: SHA384 [ ] PCR Bank: SHA512 [ ] [ ... ] Which looks correct to me (SHA1 bank present but not active). take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82509): https://edk2.groups.io/g/devel/message/82509 Mute This Topic: https://groups.io/mt/86487987/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-