On Wed, 2019-12-04 at 14:33 +0000, Paul Moore (pmoore2) via tboot-devel wrote: > On Mon, 2019-12-02 at 14:09 +0100, Lukasz Hawrylko wrote: > > If VLP is present under its own index (for TPM 2.0 it is > > 0x01C10131), > > tboot will not read LCP at all, so certificate will not be > > available. > > I > > think that we should modify program flow, so even if VLP is present, > > LCP > > should be read to check if LCP_CUSTOM_ELEMENT_CERTS_UUID element is > > there. > > That sounds reasonable, let me see what I can do.
A question for discussion: if the VLP is loaded from it's own nvindex, and there is also a VLP present inside the LCP, which VLP do we want to use? I'm assuming it is the VLP we loaded directly, and not from inside the LCP, but thought it was worth checking. -Paul _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
