Hi,
> +##
> +# @AmdSevSnpLaunchHashAlg:
> +#
> +# Hash algorithms used for AMD SEV-SNP launch digests.
> +#
> +# @sha384: SHA-384
> +##
> +{ 'enum': 'AmdSevSnpLaunchHashAlg',
> + 'data': [ 'sha384' ] }
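Review bot: the doc block for AmdSevSnpLaunchHashAlg ends at the closing "##" without a "Since:" line, which schema doc comments normally carry, so consumers of the schema cannot tell from which release the enum is available. Add one naming the release this lands in. The member text "@sha384: SHA-384" only restates the name; it could say which launch digest the value applies to, which would also document why the list has a single entry.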
Hmm. When it comes to extending this: Do we want to be very strict, like
this, and have a per-type list of digests?
One possible extension which comes to mind is the 'platform-code' digest
measured into TPMs (pcr0). The possible hash algorithms here are
everything supported by the TPM, i.e. sha1, sha256, sha384, sha512.
I think for something new introduced in 2026 we can ignore sha1,
leaving the other three on the table.
So one option would be to add a TPMHashAlg enum for this (sticking to
the theme).
The alternative approach would be to have a common 'FirmwareHashAlg' for
all types. Would make the structs below a bit simpler, the
AmdSevSnpLaunchDigest is not needed then and FirmwareDigest can be a
simple struct instead of a union. On the other hand it would allow some
invalid combinations such as sha256 for amd-snp launch digest.
Opinions?
take care,
Gerd