On 3/7/2017 10:12 PM, Mimi Zohar wrote:
> With the "header" and boot-aggregate records for each kexec, the
> attestation server can determine which hash algorithm was used for
> extending the different TPM banks. The attestation server can then
> pad/truncate the hash as needed, when verifying the TPM quote.

According to the TCG specs, there should be just one header at the beginning of the list. Its purpose is to provide the length for each hash algorithm supported by the TPM. The subset of algorithms used is defined per measurement entry.

Regarding modifying the digest before it is passed to the extend function, can truncating/padding with zeros be considered a standard? If not, verifiers have to look at the software implementation, in order to find how the digest was modified.

I add in CC [email protected] also here.

Roberto
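
The verification step discussed in this message, as an added example that is not part of the original e-mail or of any kernel or TCG code: a verifier replays the measurement list into a PCR bank, truncating or zero-padding each log digest to the bank's digest size, and compares the result with the quoted PCR value. The function names, the trailing-zero padding convention and the sample log are assumptions made for illustration; the `pad_left` switch models a verifier that guessed a different convention.

```python
import hashlib

# Digest sizes of the two TPM PCR banks used in this example.
BANK_SIZE = {"sha1": 20, "sha256": 32}

def fit_digest(digest, bank, pad_left=False):
    """Truncate or zero-pad a log digest to the bank's digest size.

    Trailing zero padding is an assumption of this example; pad_left
    models a verifier that assumed the zeros go in front instead."""
    size = BANK_SIZE[bank]
    digest = digest[:size]
    if pad_left:
        return digest.rjust(size, b"\x00")
    return digest.ljust(size, b"\x00")

def replay(log, bank, pad_left=False):
    """Recompute a PCR from all zeros: new = H_bank(old || fitted digest)."""
    pcr = bytes(BANK_SIZE[bank])
    for digest in log:
        fitted = fit_digest(digest, bank, pad_left)
        pcr = hashlib.new(bank, pcr + fitted).digest()
    return pcr

def quote_matches(log, bank, quoted_pcr, pad_left=False):
    """True when the replayed log reproduces the PCR value from the quote."""
    return replay(log, bank, pad_left) == quoted_pcr

# Constructed sample log: SHA-1 digests of made-up entry contents.
SAMPLE_LOG = [hashlib.sha1(e).digest() for e in (b"boot_aggregate", b"/sbin/init")]

if __name__ == "__main__":
    # Stand-in for the SHA-256 bank value a TPM quote would report.
    quoted = replay(SAMPLE_LOG, "sha256")
    print("same convention:     ", quote_matches(SAMPLE_LOG, "sha256", quoted))
    print("different convention:", quote_matches(SAMPLE_LOG, "sha256", quoted, pad_left=True))
```

The second check fails even though the log is intact, which is the interoperability concern raised above: the verifier has to know exactly how the digest was modified before the extend.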
