> -----Original Message-----
> From: Gilbert, Travis
> Sent: Thursday, December 15, 2016 11:38
> To: tboot-devel@lists.sourceforge.net
> Subject: Re: [tboot-devel] TPM 2.0 + TXT + EFI tboot
> 
> Okay new update. I tracked the issue down to the ACM saying the PO hash
> algorithm mask is 0. Here is the script I'm running to create and write the
> policy.
> 
> I'm passing the algorithm in to the lcp2_crtpol command. Why isn't it writing
> that to the algorithm mask?
> 
> I'm currently analyzing the policy that was generated to see if, in fact, the
> hash algorithm mask is 0.

The hash algorithm mask is 0. If I write all 1s to that area in my .pol file, I 
get past the ACM check. There is a bug in lcptools-v2/crtpol.c where none of 
the alg-masks are ever touched. They exist in the lcp_policy_t2 struct, but 
they're not initialized to a usable value. They just inherit the value of all 
zeroes from the memset() call.

I'm hacking a patch together to get my testing completed. How would you devs 
like me to implement that in a final patch? I can make command line arguments 
to be passed in with those values. I think I should also at least make the 
default match the algorithm being passed in on the command line. So if you 
specify "--alg sha256" then lcp_hash_alg_mask should at least match that with 
0x0B. If you have preferences for command line argument letters to use, speak 
up. Otherwise, I'll pick ones that match with lcptools and that make sense.

<snip>
